From the course: CSSLP Cert Prep: 8 Supply Chain and Software Acquisition

Analyzing third-party software security

- [Instructor] It's rare that you'll have the tools, the time, and the permission to run third-party software solutions through the same security regimen you apply to internally developed applications. There are certain nuances to analyzing the security of third-party software. As I mentioned in an earlier video, the likelihood is pretty low that you'll be able to run a vulnerability scan against a third-party application. If it's a commercial off-the-shelf app, you'll be limited to black-box testing, or testing with limited permissions or visibility. Chances are you won't have the source code for on-prem apps, and that you'll be prohibited from scanning SaaS apps to minimize the risk of breaking components while other customers are using them. Instead of running those vulnerability scans yourself, you'll be better off if your vendor performs all of the security testing themselves. After all, you don't need to run the scans.…