...

The application was designed to be inherently resilient, maximizing availability and minimizing downtime. Much of this resilience is owed to the hosting infrastructure, the Amazon Web Services (AWS) cloud. Further information regarding our approach to business continuity and disaster recovery is in this article:

Business Continuity and Disaster Recovery

Access Controls

...

Manual Penetration Testing

On a yearly basis the ClinSpark web application, supporting applications (such as SparkPlug), and certain infrastructure components are subjected to manual penetration testing, conducted by an external vendor. A summary of findings from the pentest vendor is produced and reviewed by the product team. Findings are summarized into four classifications that are aligned with the OWASP Risk Rating Methodology. Each finding is reviewed and actioned according to its classification:

  • Critical = Address immediately, via hotfix release or other remediation.

  • High = Address in the current functional release in development.

  • Medium = Prioritized into the next functional release.

  • Low = Added to the backlog; reviewed and considered for an upcoming functional release.

Info

We evaluate every finding and its remediation approach based on the assigned criticality, subject to risk and impact analysis. Findings that require significant changes may span multiple releases. Infrastructure components may be addressed outside of the functional release schedule.

Security Code Reviews - SDLC

...