COMPLIANCE

ZOFixer generates reports that let you communicate security findings to management and to regulatory bodies. In the Advanced Penetration Test package, every compliance framework listed below is checked and reported on.

  1. GDPR Compliance
  2. PCI Compliance
  3. CWE / SANS – Top 25 Most Dangerous Software Errors Compliance
  4. HIPAA Compliance
  5. ISO 27001 Compliance
  6. OWASP Top 10 Compliance
  7. DISA STIG Web Security Compliance
  8. Web Application Security Consortium (WASC) Threat Classification Compliance

1- GDPR Compliance

The Advanced Penetration Test package includes a detailed report with your GDPR compliance score.

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal data of individuals who live in the European Union (EU). Because the Regulation applies based on whose data is processed rather than where a website is hosted, it must be followed by any site that collects personal data from visitors in the EU, even one that does not specifically market goods or services to EU residents.

Read more https://gdpr.eu/what-is-gdpr/

2- PCI Compliance

The Advanced Penetration Test package includes a detailed report on PCI DSS compliance.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that every company that processes, stores, or transmits cardholder data maintains a secure environment. The PCI Security Standards Council, which maintains the standard, was founded on September 7, 2006, to manage the PCI security standards and improve account security throughout the transaction process.

Read more https://www.pcisecuritystandards.org/

3- CWE / SANS – Top 25 Most Dangerous Software Errors Compliance

The Advanced Penetration Test package includes a detailed report that maps findings to the CWE / SANS Top 25 Most Dangerous Software Errors.

Click the CWE ID in any of the listings and you will be taken to the corresponding entry on the MITRE CWE site, where you will find the following:

  • Ranking of each Top 25 entry,
  • Links to the full CWE entry data,
  • Data fields for weakness prevalence and consequences,
  • Remediation cost,
  • Ease of detection,
  • Code examples,
  • Detection methods,
  • Attack frequency and attacker awareness,
  • Related CWE entries, and
  • Related attack patterns for the weakness.

Each entry on the Top 25 site also includes fairly extensive prevention and remediation steps that developers can take to mitigate or eliminate the weakness.

The Top 25 entries reported against (the 2019 edition of the list):

Rank  CWE ID   Name
1     CWE-119  Improper Restriction of Operations within the Bounds of a Memory Buffer
2     CWE-79   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
3     CWE-20   Improper Input Validation
4     CWE-200  Information Exposure
5     CWE-125  Out-of-bounds Read
6     CWE-89   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
7     CWE-416  Use After Free
8     CWE-190  Integer Overflow or Wraparound
9     CWE-352  Cross-Site Request Forgery (CSRF)
10    CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
11    CWE-78   Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
12    CWE-787  Out-of-bounds Write
13    CWE-287  Improper Authentication
14    CWE-476  NULL Pointer Dereference
15    CWE-732  Incorrect Permission Assignment for Critical Resource
16    CWE-434  Unrestricted Upload of File with Dangerous Type
17    CWE-611  Improper Restriction of XML External Entity Reference
18    CWE-94   Improper Control of Generation of Code ('Code Injection')
19    CWE-798  Use of Hard-coded Credentials
20    CWE-400  Uncontrolled Resource Consumption
21    CWE-772  Missing Release of Resource after Effective Lifetime
22    CWE-426  Untrusted Search Path
23    CWE-502  Deserialization of Untrusted Data
24    CWE-269  Improper Privilege Management
25    CWE-295  Improper Certificate Validation

4- The Health Insurance Portability and Accountability Act (HIPAA) Compliance

The Advanced Penetration Test package includes a detailed report on HIPAA compliance.

The HIPAA Privacy and Security Rules define the policies, procedures, and safeguards required to protect the privacy and security of individually identifiable health information. This report identifies the vulnerabilities that may put you in breach of those rules, grouped by the section of HIPAA they relate to.

Read more https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

5- ISO 27001 Compliance

The Advanced Penetration Test package includes a detailed report on ISO 27001 compliance.

ISO/IEC 27001, a member of the ISO/IEC 27000 family of standards, specifies the requirements for an information security management system (ISMS) that places information security under explicit management control. This report lists the vulnerabilities that may violate the standard and categorizes them according to the clauses and controls stated in the standard.

Read more https://www.iso.org/isoiec-27001-information-security.html

6- OWASP Top 10 Compliance

The Advanced Penetration Test package includes a detailed report on OWASP Top 10 compliance.

The Open Web Application Security Project (OWASP) is a web security project led by an international community of companies, educational institutions, and security researchers. OWASP is best known for its list of the top 10 web application security risks. This report shows which OWASP Top 10 category each detected vulnerability falls under.

Read more https://owasp.org/www-project-top-ten/

7- DISA STIG Web Security Compliance

The Advanced Penetration Test package includes a detailed report on DISA STIG web security compliance.

A Security Technical Implementation Guide (STIG) is a configuration standard for computer software and hardware published by the Defense Information Systems Agency (DISA), part of the United States Department of Defense. This report identifies the vulnerabilities that violate requirements of the STIG and groups them by the section of the guide being violated.

8- Web Application Security Consortium (WASC) Threat Classification Compliance

The Advanced Penetration Test package includes a detailed report on WASC Threat Classification compliance.

The Web Application Security Consortium (WASC) is a non-profit organization made up of security specialists from around the world who have developed a threat classification system for web vulnerabilities. This report groups the vulnerabilities found on your site according to the WASC Threat Classification.
