Closed HeatherRemacle closed 3 years ago
Patrick helped us to complete the Privacy document. The following notes were added as part of the STRA questionnaire and STRA Lite. This is a reminder for the development team to contact Patrick to get more details on this ticket.
STRA Lite
A vulnerability scan (an automated ZAP scan) was scheduled for August 11th.
(This ZAP scan will perform vulnerability scanning as well as penetration testing.)
It will be automated so that it can be run by any of the developers during their workflow.
STRA Questionnaire
A ZAP scan has been completed and sent to the Security Analyst. The results were provided to IPS and no critical vulnerabilities were identified. With each sprint, more of the identified vulnerabilities are remediated and another ZAP scan is done. At the time of writing, the remaining two medium vulnerabilities (one of which does not apply) will be addressed prior to the production release.
Document link below:
Please chat with Patrick on the value/effort required for implementing this.
Demoed the work done for the ZAP scanner to @mark-a-wilson.
Yup - confirmed - it was pretty cool!
https://www.zaproxy.org/