Manage vulnerabilities in your applications

It is recommended to use vulnerability scanning tools for both running applications (dynamic, DAST) and code (static, SAST), and to perform penetration testing on critical company applications, ideally on all of them.

There are many solutions to review application vulnerabilities, both from our partners on AWS Marketplace (such as Checkmarx and Veracode) and open source (such as Nikto, Vega, or Burp Suite).

While it is a good practice to deploy a Web Application Firewall (such as AWS WAF) to block attacks on applications, a WAF does not remove the need to check applications for vulnerabilities. Following the defense-in-depth principle, both controls must be applied to reduce the risk of a vulnerability being exploited.

Later phases include other recommendations related to this one: