SOX Compliance and Application Security

The Sarbanes-Oxley Act (SOX) is a US federal law whose purpose is to impose robust integrity requirements on financial reporting and accounting systems. It applies to all US public companies, international companies traded in the US, and the accounting firms serving them.

SARBANES-OXLEY ACT OF 2002
[Public Law 107–204, Approved July 30, 2002, 116 Stat. 745]
[As Amended Through P.L. 112–106, Enacted April 05, 2012]

SEC. 404. [15 U.S.C. 262] MANAGEMENT ASSESSMENT OF INTERNAL CONTROLS

(a) RULES REQUIRED — The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) to contain an internal control report, which shall— (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.


(b) INTERNAL CONTROL EVALUATION AND REPORTING—With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer, other than an issuer that is an emerging growth company (as defined in section 3 of the Securities Exchange Act of 1934), shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

ImmuniWeb® Products for Sarbanes Oxley Compliance

Application security and compliance start with visibility. You cannot protect what you don't know. Therefore, we recommend starting Sarbanes-Oxley compliance with asset discovery and inventory.

ImmuniWeb® Discovery rapidly detects your external web, mobile and cloud assets and provides attractiveness and hackability scores for each asset. Based on Big Data and our proprietary AI technology, the entire process is rapid and non-intrusive. Once you have a comprehensive and up-to-date inventory of your assets, you are ready to start well-informed, risk-based application security testing.

For one-time security testing of your web applications and APIs, we recommend using ImmuniWeb® On-Demand. For iOS and Android mobile apps and their backend (e.g. API or REST/SOAP web services), we provide all-inclusive testing with ImmuniWeb® MobileSuite.

For the most critical applications that directly impact your Sarbanes-Oxley compliance, we offer ImmuniWeb® Continuous for incremental 24/7 testing of any new or updated code.

All ImmuniWeb® products leverage our award-winning Multilayer Application Security Testing and AI technology for intelligent automation and acceleration of Application Security Testing. Driven by human penetration testing, it rapidly detects even the most sophisticated vulnerabilities and comes with a zero false-positives SLA:


ImmuniWeb® Discovery: Application Security Score Card (Web, Mobile, API, Cloud). Freemium.

ImmuniWeb® MobileSuite: One-Time Mobile Audit (Mobile, API, Cloud). From $1,499.

ImmuniWeb® On-Demand: One-Time Web Application Audit (Web, API, Cloud). From $499.

ImmuniWeb® Continuous: 24/7 Web Security Testing (Web, API, Cloud). From $1,199 / month.