Policy Owner: Principal Engineer
...
Application code should be scanned prior to deployment. Patches to address application vulnerabilities that materially impact security should be deployed within 90 days of discovery.
...
Software developers shall be provided with secure development training appropriate to their role at least annually. Training content shall be determined by management but shall address the prevention of common web application attacks and vulnerabilities. The following threats and vulnerabilities should be addressed as appropriate:
- prevention of authorization bypass attacks
- prevention of the use of insecure session IDs
- prevention of injection attacks
- prevention of cross-site scripting attacks
- prevention of cross-site request forgery attacks
- prevention of the use of vulnerable libraries
...
Version | Date | Description | Author | Approved by |
---|---|---|---|---|
1.0 | 2020-11-24 | First Version | Luke Rettstatt | |
2.0 | 2023-03-26 | First Version; Update to SOC Template | Ryan Heathcote | Tony Erskine |
...