ISO 27001 Compliance and Application Security

Maintained by the ISO/IEC, ISO 27001 is a global standard for Information Security Management System (ISMS).
Only Accredited Registrars can provide the ISO 27001 certification to companies which have high security
measures of data protection. The certification outlines the security controls and their objectives.

ISO/IEC 27001:2013, Annex A

ISO 27001 imposes various data protection, privacy and security testing requirements on all companies that must adhere to it. Web and mobile application security is an important part of ISO 27001 compliance process:

A.7.1.1 Inventory of assets

“All assets shall be clearly identified and an inventory of all important assets drawn up and maintained.”

A.12.6.1 Control of technical vulnerabilities

“Timely information about technical vulnerabilities of information systems being used shall be obtained, the organization's exposure to such vulnerabilities evaluated, and appropriate measures taken to address the associated risk.”

A.15.2.2 Technical compliance checking

“Information systems shall be regularly checked for compliance with security implementation standards”

ImmuniWeb® Products for ISO 27001 Compliance

Application security and compliance starts with visibility. You cannot protect what you don't know. Therefore, we recommend starting ISO 27001 with an asset discovery and inventory.

ImmuniWeb® Discovery rapidly detects your external web, mobile and cloud assets equipped with asset’s attractiveness and hackability scores. Based on Big Data and our proprietary AI technology, the entire process is rapid and non-intrusive. Once you have a comprehensive and up2date inventory of your assets, you are ready to start a well-informed and risk-based application security testing.

For one-time security testing of your web applications and APIs, we recommend using ImmuniWeb® On-Demand.

For iOS and Android mobile apps and their backend (e.g. API or REST/SOAP web services) we provide all-inclusive testing with ImmuniWeb® MobileSuite.

For most critical applications that directly impact your ISO 27001 we offer ImmuniWeb® Continuous for incremental 24/7 testing of any new or updated code.

All ImmuniWeb® products leverage our award-winning Multilayer Application Security Testing and AI technology for intelligent automation and acceleration of Application Security Testing. Driven by human penetration testing, it rapidly detects even the most sophisticated vulnerabilities and comes with a zero false-positive SLA.

Application Security
Compliance and Regulations

GDPR Compliance and Application Security GDPR
PCI DSS Compliance and Application Security PCI DSS
PA DSS Compliance and Application Security PA DSS
ISO 27001 Compliance and Application Security ISO 27001
UK MCSS Compliance and Application Security UK MCSS
Singapore MAS TRM Compliance and Application Security Singapore MAS TRM
NYSDFS 23 NYCRR 500 Compliance and Application Security NYSDFS 23 NYCRR 500
Fisma NIST 800-37 Compliance and Application Security FISMA NIST 800-37
Fisma NIST 800-53 Compliance and Application Security FISMA NIST 800-53
Fisma NIST 800-137 Compliance and Application Security FISMA NIST 800-137
Fisma NIST 800-171 Compliance and Application Security FISMA NIST 800-171
SOX Compliance and Application Security Sarbanes Oxley
HIPAA
Quick Start
Solutions
Get a Demo
Newsletter

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Accept