Objective
...
The objectives of this security audit are to:
Identify any security vulnerabilities present in the data ETL and visualisation layer of the application
Assess the effectiveness of existing security controls
Provide recommendations for improving the overall security of the data ETL and visualisation application
Scope
...
The scope of the audit includes:
...
Penetration testing of any systems other than the data ETL and visualisation application itself
Physical security of the hosting environment
Methodology
...
The audit will be conducted using the following methodology:
A combination of automated and manual testing techniques will be employed
Industry-standard testing frameworks and tools will be used
The OWASP Top 10 security risks will be used as a guide for testing scenarios
The SANS/CWE Top 25 Most Dangerous Software Errors list may be used as additional guidance
Additional testing scenarios will be developed to assess the specific security risks associated with data ETL and visualisation applications, such as data leakage and data corruption
Deliverables
...
The following deliverables will be provided upon completion of the audit:
A detailed report of findings, including a prioritised list of vulnerabilities and recommended remediation steps
An executive summary of the findings and recommendations
A debrief session to review the findings and recommendations with the development team and stakeholders
Roles and Responsibilities
...
The following roles and responsibilities have been established for the audit:
The audit team will be responsible for conducting the audit and producing the deliverables
The data ETL, visualisation and application development team will be responsible for providing access to the application and its components, as well as providing any necessary assistance during the audit
Stakeholders from the organisation will be responsible for reviewing the findings and recommendations and implementing any necessary remediation steps
...