Fork me on GitHub

TestAndVerification -> Static depth for applications: Static analysis for all components/libraries

Risk and Opportunity

Risk: Used components like libraries and legacy applications might have vulnerabilities
Opportunity: Usage of a static analysis for all used components.

Usefulness and Requirements of this Activitiy

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: High
Required resources (systems): Low

Additional Information

Dependencies: Static analysis for important client side components, Static analysis for important server side components

OWASP SAMM VERSION 2

ISO27001 2017