Support to remediation activities, Issue rechecking activity
Issue management activities will be divided as follows:
Phase I: Support to remediation activities (fixing)
Phase II: Issue rechecking activity
PHASE I: SUPPORT TO FIXING ACTIVITIES
Once the security tests have been carried out on the target, a large amount of information will be available about the vulnerabilities found and the suggested remedies.
At this point in the secure software development life cycle, the focus shifts to Application Vulnerability Management.
Vulnerability resolution consists of implementing the suggested changes so as to produce a sufficiently robust fix for each identified vulnerability.
The following figure illustrates the various stages of the application vulnerability management process:
Discovery: the initial phase, in which vulnerabilities are identified through the SCR and WAPT activities described in the previous paragraph.
Triage: once found, the vulnerabilities are classified and intervention priorities are established according to the associated risk and the impact of each individual vulnerability on the application.
Remediation: essentially the activity of fixing the vulnerabilities through changes to the application code. It can in turn be divided into two sub-phases:
- Definition of a Remediation Plan
- Support during the Fixing process
Verification: in this phase, test cases are created for each individual issue to verify the implementation.
Within the process outlined, we will focus on the Remediation (Fixing) phase.
Minded Security provides the skills and experience needed to guide developers through the Remediation process, identifying which vulnerabilities should be fixed and with what priority. The most innovative Application Security best practices will also be identified, for the fastest and most effective resolution of the vulnerabilities found.
PHASE II: RECHECK ACTIVITIES
Numerous daily recheck phases on the applications are planned during the project to verify the robustness of the implemented fixes, followed by a final recheck to confirm that all fixes relating to the Critical and High issues have been implemented.