Application vulnerabilities account for the largest portion of attack vectors besides malware. It is crucial that any application is assessed for vulnerabilities and any vulnerabilities are remediated prior to production deployment.
Any kind of security incident must be immediately communicated to all related parties.
Purpose of the Policy
The purpose of this policy is to define application security assessments within Alpha Serve. Application assessments are performed to identify potential or realised weaknesses as a result of inadvertent misconfiguration, weak authentication, insufficient error handling, sensitive information leakage, etc. Discovery and subsequent mitigation of these issues will limit the attack surface of Alpha Serve products and services, as well as satisfy compliance with any relevant policies in place.
All the processes and activities described in this Policy are intended to protect Alpha Serve’s applications from external threats, which can arrive by several paths and do harm to the business or organisation.
Scope of the Policy
This policy covers all application security assessments for the purposes of maintaining the security posture, compliance, risk management, and change control of technologies in use at Alpha Serve.
All application security assessments will be performed by personnel either employed or contracted by Alpha Serve. All findings are considered confidential and are to be distributed to persons on a “need to know” basis. Distribution of any findings outside of Alpha Serve is strictly prohibited unless approved by the Chief Executive Officer.
This policy must be adhered to by all Alpha Serve employees or temporary workers at all locations and by contractors working with Alpha Serve as subcontractors.