Web App Security

 

Web Application Security Assessment (WASA )

Web Application Security Assessments (WASAs) are an in-depth penetration test for common vulnerabilities, such as SQL Injection, Authorization Bypass and Cross-Site Scripting (XSS) within web applications. Development teams submit a WASA questionnaire to OCC when the app reaches the staging environment. OCC periodically requests the VA Cybersecurity Operations Center (CSOC) Vulnerability Scanning Team (VST) perform vulnerability scans of VA apps.

Mobile Application Security Assessment (MASA) Penetration Testing

Specific to mobile apps, the Mobile Application Security Assessment (MASA), is a process for reducing risk and improving compliance with industry regulations by comprehensively analyzing an application’s security system. The NSOC uses a variety of tools and act as an "attacker" to identify application vulnerabilities on a running application (runtime analysis). One aspect of their test is to use tools such as Nessus to scan an app's infrastructure. NSOC security engineers also perform manual testing. This phase, sometimes also called Enterprise IT Security, is a formal Mobile Applications Program (MAP) requirement that must be completed before promotion to production. This testing is performed in a test environment, not in production. The app Project Manager. is responsible for contacting NSOC.