Regulatory compliance for web applications

Compliance Auditing

Regulatory and legal guidelines are emerging quickly in response to threats against consumer data privacy. In the United States, several federal and state laws have emerged that mandate severe penalties for the disclosure of private consumer data. With the enactment of Sarbanes-Oxley, even corporate data must be maintained in a safe and trusted manner. In addition, reputational risks to companies with data compromises are extreme with loss of consumer confidence a serious threat to their bottom line. The media has driven security into the consumer consience and everyday folks are beginning to pay attention to threats against their data’s confidentiality, integrity and availability. Common points of compromise, of both consumer and corporate data, are often presented in the form of web applications and portals. Gartner Group claims that some seventy-five percent of all cyber attacks today are at the application level and ninety-seven percent of all websites they tested proved to be vulnerable! With such high levels of risk and so much at stake, how can organizations keep their vital data assets protected?

The Solution

Syhunt is an effective tool for managing the risks associated with web-based deployments and applications. Using Syhunt as a part of a complete security initiative allows organizations to ensure regulatory compliance and to minimize their risk posture. Syhunt’s easy to use interface, easy to understand reports and comprehensive testing mechanisms means the end of worry for web administrators and corporate management. Use Syhunt today to ensure the security of your business, your customer’s data and your bottom line.

As a part of an overall security initiative Syhunt can be utilized to provide a high level of assurance that web exposures and risks are mitigated. The Syhunt Hybrid scanner, and the included Syhunt Dynamic module, can be used to perform vulnerability assessments of an organizations web sites, web portals and web-based applications, regardless of platform. Using the scanner is easy for even basic system and network administrators and allows the identification and mitigation of thousands of potential vulnerabilities and misconfigurations. When used in conjunction with the Syhunt Code module, Syhunt identifies both known and unknown weaknesses in web deployments. Syhunt gives your organization the edge by giving you the confidence to KNOW your data is safe.

HIPAA

Syhunt Dynamic performs assessment of web applications and portals to identify areas of possible vulnerability to data disclosure, denial of service attacks or system compromise.

Syhunt’s unique architecture gives healthcare organizations the capability to check for both known and unknown vulnerabilities in their web-applications and portals; given the life impacting criticality of these deployments, it is wise to use Syhunt to test not just for disclosures, but also denial of service attacks using the Syhunt Dynamic module.

GLBA/PCI CARD/CA-SB1

Syhunt Dynamic provides the guidance needed to harden home banking, customer service, ecommerce and other web-based applications and deployments.

With all of the media attention lately to information disclosures and identity theft, financial organizations should be using Syhunt to perform their own ongoing web server assessments and using in-depth testing with the Syhunt Dynamic module after any changes to their applications.

SARBANES-OXLEY

Syhunt Dynamic presents easy to use and auditor friendly reporting to provide a high level of assurance against SOX threats. Executive management systems can be assessed and data integrity risks can be mitigated through the use of Syhunt against web-based interfaces.

Executive management and financial control systems with web-based access are common points of security breach; Compromise of one of these systems could lead to data confidentiality and/or integrity issues that would impact SOX compliance; Syhunt helps protect against these exposures.

ISO/IEC 27001

ISO / IEC 27001 is an international standard for information security - Information Security Management System (ISMS). Syhunt Dynamic, Code and Insight tools and its CI/CD integration features help your organization to be compliant with the following ISO 27001 annexes:

  • A.16.1.5 Response to Information Security Incidents
  • A.14.1.2 Securing Application Services on Public Networks
  • A.14.1.3 Protecting Application Services Transactions
  • A.14.2 Security in Development and Support Processes
  • A14.2.1 Secure Development Policy
  • A.14.2.6 Secure Development Environment
  • A.12.4 Logging and Monitoring
  • A.12.4.2 Protection of Log Information
  • A.10 Cryptography

Contact