Application Software Cybersecurity Scanning

Abstract

Scanning software applications for cybersecurity vulnerabilities is a crucial step is assessing the overall health of the application, but how can this kind of scan be performed to give development teams the information they need to make informed design decisions? Two pilot cybersecurity scans were conducted in an attempt to answer this question. A scanning team composed of various subject matter experts was established and worked closely with the development team to perform these scans and capture metrics throughout the process. These interactions and metrics indicate that these scans can be performed in an unobtrusive way and still provide valuable information to development teams regarding the health of their application. This work is not definitive in nature but serves as a foundation for future work.