In light of COVID-19 precaution measures, we remind that all ImmuniWeb products can be easily configured and safely paid online without any human contact or paperwork.

Total Tests:
This Week:
Today:

GDPR Compliance and Application Security

Being a EU law purported to protect privacy of European citizens and residents, GDPR mandates companies from all
countries to use security and privacy mechanisms when collecting or processing
Personally Identifiable Information (PII) of these individuals.

EU General Data Protection Regulation, Regulation 2016/679

GDPR imposes various data protection, privacy and security testing requirements on all companies that must adhere to it. Holistic visibility and inventory of digital assets, web and mobile application security are an indispensable part of GDPR compliance process:

Article 5, Section 1(f)

“Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).”

Article 25, Section 1

“Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”

Article 32, Section 1 (b)(d)

“Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.”

Article 35, Section 7(f)

“The assessment shall contain at least the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned.”

ImmuniWeb® for GDPR Compliance

Application security and compliance for GDPR starts with holistic visibility of your digital assets, related risks and threats. You simply cannot protect what you don't know. Therefore, we recommend commencing your GDPR compliance efforts with IT asset discovery, inventory, classification and risk scoring. Our ImmuniWeb® Discovery leverages OSINT technology to rapidly detect your external web, mobile and cloud assets equipped with attractiveness and hackability scores. Based on our award-winning AI technology, ImmuniWeb Discovery will likewise provide you with a snapshot of your exposure in the Deep and Dark Web. Once completed, you are ready to start well-informed and risk-based application security testing for the purpose of GDPR compliance.

For one-time security testing of your web applications and APIs, we recommend using ImmuniWeb® On-Demand equipped with CVE, CWE reporting and CVSSv3 risk scoring. Its in-depth and rapid testing is based on OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers full spectrum of security vulnerabilities from SANS Top 25 and OWASP Top 10.

For iOS and Android mobile apps and their backend (e.g. APIs or REST/SOAP web services) we provide all-inclusive testing with ImmuniWeb® MobileSuite equipped with CVE, CWE reporting and CVSSv3 risk scoring. Its in-depth and rapid testing is based on OWASP Mobile Security Testing Guide (MSTG) and OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers full spectrum of security vulnerabilities from SANS Top 25 and OWASP Mobile Top 10.

For most critical applications that directly impact your GDPR compliance we offer ImmuniWeb® Continuous for incremental 24/7 testing of any new or updated code. It is equipped with CVE, CWE reporting and CVSSv3 risk scoring, its in-depth and rapid testing is based on OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers full spectrum of security vulnerabilities from SANS Top 25 and OWASP Top 10.

What’s Next:

DISCLAIMER: The information provided on this website does not, and is not intended to, constitute a legal advice; instead, all information, content, and materials available on this website are provided for general informational purposes only.
Ask a Question