LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 24,100 courses taught by industry experts.

Analyzing third-party software security

Analyzing third-party software security

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Analyzing third-party software security

“

- [Instructor] It's rare that you have the tools, the time, and the permission to run third-party software solutions through the same security regimen that you apply to internally developed applications. There are certain nuances to analyzing the security of third-party software. As I mentioned in an earlier video, the likelihood is somewhat low that you'll be able to run a vulnerability scan against a third-party application. If it's a commercial off-the-shelf application, you'll be limited to black box testing or testing with limited permissions or visibility. Chances are you won't have the source code for on-premise applications, and you'll be prohibited from scanning SaaS applications to minimize the risk of breaking components while other customers are using them. Instead of running those vulnerability scans yourselves, you'll be better off if you let the partner perform all of their own internal security testing. After all, you don't need to run the scans. You just need to know…

Contents