Control PenetrationTesting

URI: PenetrationTesting

Description: The software for a host or process has been tested to check it is not vulnerable to certain attacks.

Host	A device that can store, process, transmit or receive data.
Process	Represents a process (usually implemented by software running on a Host) that can read, update or create data, or exchange data with other processes.

CSG-PenTestingOfHost

The software and hardware at device Host has been tested and certified to be secure by independent experts. The device is unlikely to contain exploitable bugs, though the assessment may become outdated so should be renewed from time to time. Note that this does not prevent bugs that are present being discovered and exploited by attackers, so it is a prior mitigation only which is ignored in current (run-time) risk calculations.

CSG-PenTestingOfProcess

The software for process Process has been tested and certified to be secure by independent experts. The process is unlikely to contain exploitable bugs, though the assessment may become outdated so should be renewed from time to time. Note that this does not prevent bugs that are present being discovered and exploited by attackers, so it is a prior mitigation only which is ignored in current (run-time) risk calculations.

Control PenetrationTesting

Assets (2)

Control Strategies (2)