AppCheck & The GDPR
News / Product / Posted March 15, 2018
There is no doubt that the GDPR is serious business. AppCheck has noticed a significant shift in focus among company executives, who have taken a much more active interest in security matters since the GDPR, and in particular its fines, came to the fore. Naturally, with that comes a never-ending list of vendors claiming to solve the GDPR problem. In truth, no single product or service can achieve compliance; rather, the GDPR requires a strategy built on a thorough understanding of your responsibilities, your exposure and what you must do to demonstrate compliance with the six principles of the GDPR.
AppCheck has a significant part to play in your compliance strategy. This blog post and the linked PDF highlight existing and new features introduced to support compliance with the GDPR.
One of the initial challenges facing organisations preparing for the GDPR is identifying and documenting every place where personally identifiable information (PII) is captured and stored.
AppCheck has added a new module that identifies any form requesting PII from the user. Whilst many forms of this nature are well known to the organisation, some may be overlooked. For example, a sign-up form for a newsletter may not be at the forefront of your GDPR strategy, yet it could still be accumulating PII that nobody has accounted for.
- Identify PII collection through websites and applications.
- Identify forms that are not compliant with GDPR standards (e.g. non-compliant consent collection).
- Identify insecure communication of PII data.
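The three checks above can be approximated with a small form analyser. The following is an added example written for this post, not AppCheck's own module: it parses the forms on a page, flags fields whose type or name suggests PII, and then reports whether the form would submit that PII over plain HTTP, place it in a URL query string (GET), or collect consent via a missing or pre-ticked checkbox (a pre-ticked box is not valid consent under the GDPR). The PII name patterns, the consent-checkbox heuristic, the sample URL and the sample HTML are all assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristic: field names/ids that usually carry PII.
PII_PATTERNS = re.compile(
    r"(^name$|e-?mail|phone|^tel|first.?name|last.?name|surname|full.?name"
    r"|address|postcode|zip|dob|birth)",
    re.I,
)


class FormCollector(HTMLParser):
    """Collects every <form> on a page together with its input fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # boolean attributes such as 'checked' map to None
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "fields": [],
            }
        elif tag in ("input", "textarea", "select") and self._current is not None:
            self._current["fields"].append({
                "name": a.get("name") or "",
                "id": a.get("id") or "",
                "type": (a.get("type") or "text").lower(),
                "checked": "checked" in a,
            })

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def analyse_forms(page_url, html):
    """Return one finding per form that collects PII, with a list of issues."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        pii = [
            f["name"] for f in form["fields"]
            if f["type"] in ("email", "tel")
            or PII_PATTERNS.search(f["name"])
            or PII_PATTERNS.search(f["id"])
        ]
        if not pii:
            continue  # no PII collected: not in scope for this check
        target = urljoin(page_url, form["action"])
        issues = []
        if urlparse(target).scheme != "https":
            issues.append("pii_submitted_over_http")
        if form["method"] == "get":
            issues.append("pii_in_query_string")  # ends up in logs and history
        checkboxes = [f for f in form["fields"] if f["type"] == "checkbox"]
        if not checkboxes:
            issues.append("no_consent_checkbox")
        elif any(c["checked"] for c in checkboxes):
            issues.append("consent_prechecked")
        findings.append({"action": target, "pii_fields": pii, "issues": issues})
    return findings


# Constructed sample page: a newsletter form that is wrong in every way,
# a contact form that is fine, and a search form with no PII.
SAMPLE_URL = "http://www.example.com/news"
SAMPLE_HTML = """
<form action="/newsletter" method="get">
  <input type="email" name="email">
  <input type="text" name="first_name">
  <input type="checkbox" name="optin" checked> Send me offers
  <input type="submit" value="Subscribe">
</form>
<form action="https://www.example.com/contact" method="post">
  <input name="full_name">
  <textarea name="message"></textarea>
  <input type="checkbox" name="consent"> I agree to the privacy policy
  <button type="submit">Send</button>
</form>
<form action="/search">
  <input name="q">
</form>
"""

if __name__ == "__main__":
    for finding in analyse_forms(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

Run against the sample page, the newsletter form is reported with three issues (HTTP submission, PII in the query string, pre-ticked consent), the contact form is reported as collecting PII with no issues, and the search form is ignored. In a real scan the same function would be fed the HTML of every crawled page, and the name patterns would need tuning to the site's own field naming.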
The real strength of AppCheck lies in its ability to detect critical-impact vulnerabilities that could lead to a data breach. Whilst every security vulnerability in your web applications should be addressed, some pose a more immediate threat than others. The GDPR scan profile focuses on vulnerabilities that, when exploited, give unauthorised access to databases and hosted systems. The list below highlights some of the checks performed by AppCheck; these are a handful of examples from the thousands of checks performed during an AppCheck scan.
- Identify critical injection vulnerabilities that could lead to a data breach, such as SQL, NoSQL, Expression Language, code and command injection.
- Broken access control and weak password vulnerabilities
- Second order Cross-Site Scripting
- Sensitive Data Exposure
- Clear text password storage
- Insecure upload components
AppCheck provides a detailed remediation plan to resolve vulnerabilities and compliance failings, and lets you rescan and track remediation efforts throughout the process.
AppCheck reports include a detailed narrative to explain each finding along with proof of concept examples provided through safe exploitation.
Get started with AppCheck
No software to download or install.
Contact us or call us 0113 887 8380