In light of COVID-19 precaution measures, we remind that all ImmuniWeb products can be easily configured and safely paid online without any human contact or paperwork.

Community Edition
Total Tests:
This Week:
Today:
ImmuniWebСomplianceISO 27001

ISO 27001 Compliance and Application Security

Maintained by the ISO/IEC, ISO 27001 is a global standard for Information Security Management System (ISMS).
Only Accredited Registrars can provide the ISO 27001 certification to companies which have high security
measures of data protection. The certification outlines the security controls and their objectives.

ISO/IEC 27001:2013, Annex A

ISO 27001 imposes various data protection, privacy and security testing requirements on all companies that must adhere to it. Holistic visibility and inventory of digital assets, web and mobile application security are an indispensable part of ISO 27001 compliance process:

A.7.1.1 Inventory of assets

“All assets shall be clearly identified and an inventory of all important assets drawn up and maintained.”

A.12.6.1 Control of technical vulnerabilities

“Timely information about technical vulnerabilities of information systems being used shall be obtained, the organization's exposure to such vulnerabilities evaluated, and appropriate measures taken to address the associated risk.”

A.15.2.2 Technical compliance checking

“Information systems shall be regularly checked for compliance with security implementation standards”

ImmuniWeb® AI Platform for ISO 27001 Compliance

1

Illuminate Your Attack
Surface to Prioritize Testing

ImmuniWeb® Discovery

ImmuniWeb® Discovery

Dark Web & Attack Surface Monitoring

  • AI-Enabled
  • Automated
  • 24/7

2

Run Risk-Based Security
Testing and Remediation

ImmuniWeb® On-Demand

ImmuniWeb® On-Demand

Web Application Penetration Testing

  • AI-Enabled
  • Manual
  • One-Time
 ImmuniWeb® MobileSuite

ImmuniWeb® MobileSuite

Mobile Penetration Testing

  • AI-Enabled
  • Manual
  • One-Time

3

Ensure Continuous
Security Monitoring

ImmuniWeb® Continuous

ImmuniWeb® Continuous

Continuous Penetration Testing

  • AI-Enabled
  • Manual
  • 24/7

Application security and compliance for ISO 27001 starts with holistic visibility of your digital assets, related risks and threats. You simply cannot protect what you don't know. Therefore, we recommend commencing your ISO 27001 compliance efforts with IT asset discovery, inventory, classification and risk scoring. Our ImmuniWeb® Discovery leverages OSINT technology to rapidly detect your external web, mobile and cloud assets equipped with attractiveness and hackability scores. Based on our award-winning AI technology, ImmuniWeb Discovery will likewise provide you with a snapshot of your exposure in the Deep and Dark Web. Once completed, you are ready to start well-informed and risk-based application security testing for the purpose of ISO 27001 compliance.

For one-time security testing of your web applications and APIs, we recommend using ImmuniWeb® On-Demand equipped with CVE, CWE reporting and CVSSv3 risk scoring. Its in-depth and rapid testing is based on OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers full spectrum of security vulnerabilities from SANS Top 25 and OWASP Top 10.

For iOS and Android mobile apps and their backend (e.g. APIs or REST/SOAP web services) we provide all-inclusive testing with ImmuniWeb® MobileSuite equipped with CVE, CWE reporting and CVSSv3 risk scoring. Its in-depth and rapid testing is based on OWASP Mobile Security Testing Guide (MSTG) and OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers full spectrum of security vulnerabilities from SANS Top 25 and OWASP Mobile Top 10.

For most critical applications that directly impact your ISO 27001 compliance we offer ImmuniWeb® Continuous for incremental 24/7 testing of any new or updated code. It is equipped with CVE, CWE reporting and CVSSv3 risk scoring, its in-depth and rapid testing is based on OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers full spectrum of security vulnerabilities from SANS Top 25 and OWASP Top 10.

What’s Next:

DISCLAIMER: The information provided on this website does not, and is not intended to, constitute a legal advice; instead, all information, content, and materials available on this website are provided for general informational purposes only.

Application Security Compliance and Regulations

GDPR Compliance and Application Security GDPR
ISO 27001 Compliance and Application Security ISO 27001
NYSDFS 23 NYCRR 500 Compliance and Application Security NYSDFS 23 NYCRR 500
Fisma NIST 800-53 Compliance and Application Security FISMA NIST 800-53
SOX Compliance and Application Security Sarbanes Oxley
PCI DSS Compliance and Application Security PCI DSS
UK MCSS Compliance and Application Security UK MCSS
California Consumer Privacy Act (CCPA) of 2018 CCPA
Fisma NIST 800-137 Compliance and Application Security FISMA NIST 800-137
HIPAA
PA DSS Compliance and Application Security PA DSS
Singapore MAS TRM Compliance and Application Security Singapore MAS TRM
Fisma NIST 800-37 Compliance and Application Security FISMA NIST 800-37
Fisma NIST 800-171 Compliance and Application Security FISMA NIST 800-171

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

View Products Ask a Question