Day 5

Key activities

 * Implement compensating controls & mitigation controls
 * Remediation Prioritization

Compensating Controls

 * Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks.

Mitigating Controls

 * Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development lifecycle.

Remediation Prioritization

 * Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific