https://community.isc2.org/t5/Governance-Risk-Compliance/Web-Application-Vulnerability-Program-Audit/m-p/51946#M693 <P>Hello:<BR />I need to plan for a risk based audit around web application vulnerability management. I am looking for guidance on where to find some examples of RCMs (risk and control matrices) related such an audit<BR /><BR />any sanitized examples of RCMs, audit programs will be great.</P> Mon, 11 Jul 2022 16:44:11 GMT Midude2000 2022-07-11T16:44:11Z https://community.isc2.org/t5/Governance-Risk-Compliance/Web-Application-Vulnerability-Program-Audit/m-p/51946#M693 <P>Hello:<BR />I need to plan for a risk based audit around web application vulnerability management. I am looking for guidance on where to find some examples of RCMs (risk and control matrices) related such an audit<BR /><BR />any sanitized examples of RCMs, audit programs will be great.</P> Mon, 11 Jul 2022 16:44:11 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Web-Application-Vulnerability-Program-Audit/m-p/51946#M693 Midude2000 2022-07-11T16:44:11Z https://community.isc2.org/t5/Governance-Risk-Compliance/Web-Application-Vulnerability-Program-Audit/m-p/51973#M694 <P>Probably best to start with the OWASP cheat sheets, as they include details of vulnerabilities and ways to address them.&nbsp; Then you could also look at the CWE list.</P><P>&nbsp;</P> Wed, 13 Jul 2022 13:24:17 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Web-Application-Vulnerability-Program-Audit/m-p/51973#M694 Steve-Wilme 2022-07-13T13:24:17Z