In order to provide the highest levels of application security, RedShield delivers customised Advanced Shield objects from our library to directly mitigate complex vulnerabilities.
When a vulnerability is discovered in an application by penetration testers or third party vulnerability scanning, information should be shared with RedShield at the earliest opportunity to facilitate Advanced Shielding as the fastest method for mitigating new issues discovered in an application.
Tips for providing vulnerability information to RedShield:
- Please communicate securely - vulnerability data should not be shared by email, or in the body of a support ticket.
- The more information about a vulnerability which can be provided, the better. Ideally, provide the full penetration testing report (our standard Service Agreement includes contractual protection with regards to non-disclosure, and our Vault system is designed to provide secure handling of this sensitive document). RedShield team will need to replicate the vulnerability in order to provide assurances around our Advanced Shield objects. Some assistance may be needed from developers and penetration testers in this.
Critical and High severity vulnerabilities may be raised as Urgent support tickets if required; however please note as above that vulnerability data should not be provided in the ticket itself, and that in most cases Advanced Shielding is a chargeable service defined within your Service Inclusions document, accompanying your Service Agreement.
Your Service Delivery Team will respond and assist with the process of vulnerability mitigation.