“While the concept of manual inspections and human reviews is simple, they can be among the most powerful and effective techniques available”
Source: OWASP Testing Guide version 4
Is your system and application documentation up-to-date?
Does it include:
- Security requirements,
- Hardening settings,
- Operational procedures?
Are your systems and applications installed and configured according to security best practices and in line with your Security Policies and the applicable Compliance regulations?
A documentation review will show:
- If your security policies and relevant compliance regulations are used as input for system and application hardening.
- If your documentation is up-to-date.
- If security ‘best practices’ are selected and applied.
- Which low-scored topics are to be addressed in Security Awareness training.