In the webinar on 27 October, we discussed best practices in managing vulnerabilities for critical infrastructure systems. In this webinar, we will discuss how to effectively identify vulnerabilities.
Many techniques are available to identify vulnerabilities, from standardized and automated methods such as vulnerability scanning and web application testing, to more specialized methods such as penetration testing, code reviews, and fuzzing. The cost of some methods can be quite high, not just in terms of external testers, but also in terms of internal preparation in setting up the systems. Therefore, it is important to chose the methods that can most effectively identify high-risk vulnerabilities.
ENCS will present our experiences in which methods work for what type of systems, and we will discuss the experiences at members.