
Singapore MAS TRM Compliance and Application Security

Developed by the Monetary Authority of Singapore, TRM Guidelines provide the Financial Institutions of Singapore
with a solid baseline for robust technology risk management, system security, reliability and
resilience, aimed at protecting customer data, transactions and systems.


Singapore MAS TRM imposes various data protection, privacy and security testing requirements on all companies that must adhere to it. Holistic visibility and inventory of digital assets, together with web and mobile application security, are an indispensable part of the Singapore MAS TRM compliance process:

6.2.4

The FI should conduct penetration testing prior to the commissioning of a new system which offers internet accessibility and open network interfaces. The FI should also perform vulnerability scanning of external and internal network components that support the new system.

9.4.1

Vulnerability assessment (VA) is the process of identifying, assessing and discovering security vulnerabilities in a system. The FI should conduct VAs regularly to detect security vulnerabilities in the IT environment.

9.4.2

The FI should deploy a combination of automated tools and manual techniques to perform a comprehensive VA. For web-based external facing systems, the scope of VA should include common web vulnerabilities such as SQL injection and cross-site scripting.

9.4.3

The FI should establish a process to remedy issues identified in VAs and perform subsequent validation of the remediation to validate that gaps are fully addressed.

9.4.4

The FI should carry out penetration tests in order to conduct an in-depth evaluation of the security posture of the system through simulations of actual attacks on the system. The FI should conduct penetration tests on internet-facing systems at least annually.

ImmuniWeb® AI Platform for Singapore MAS TRM Compliance

Application security and compliance for Singapore MAS TRM starts with holistic visibility of your digital assets, related risks and threats. You simply cannot protect what you don't know. Therefore, we recommend commencing your Singapore MAS TRM compliance efforts with IT asset discovery, inventory, classification and risk scoring. Our ImmuniWeb® Discovery leverages OSINT technology to rapidly detect your external web, mobile and cloud assets equipped with attractiveness and hackability scores. Based on our award-winning AI technology, ImmuniWeb Discovery will likewise provide you with a snapshot of your exposure in the Deep and Dark Web. Once completed, you are ready to start well-informed and risk-based application security testing for the purpose of Singapore MAS TRM compliance.

For one-time security testing of your web applications and APIs, we recommend using ImmuniWeb® On-Demand, equipped with CVE, CWE reporting and CVSSv3 risk scoring. Its in-depth and rapid testing is based on the OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers the full spectrum of security vulnerabilities from SANS Top 25 and OWASP Top 10.

For iOS and Android mobile apps and their backend (e.g. APIs or REST/SOAP web services), we provide all-inclusive testing with ImmuniWeb® MobileSuite, equipped with CVE, CWE reporting and CVSSv3 risk scoring. Its in-depth and rapid testing is based on the OWASP Mobile Security Testing Guide (MSTG) and OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers the full spectrum of security vulnerabilities from SANS Top 25 and OWASP Mobile Top 10.

For the most critical applications that directly impact your Singapore MAS TRM compliance, we offer ImmuniWeb® Continuous for incremental 24/7 testing of any new or updated code. It is equipped with CVE, CWE reporting and CVSSv3 risk scoring. Its in-depth and rapid testing is based on the OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers the full spectrum of security vulnerabilities from SANS Top 25 and OWASP Top 10.


DISCLAIMER: The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this website are provided for general informational purposes only.