Current through December 10, 2024
Each agency must perform security assessments on all new applications to ensure key application security and privacy requirements are met. Code in the application and supporting infrastructure must be tested for common errors that can compromise the integrity of the production environment when the application is deployed.
A. Agencies should use one or more of the following application security assessment methods:
1. Contract with a third-party for assessment services
2. Perform Internal application security assessments
3. Utilize application security assessment software
B. At minimum, the following vulnerabilities must be assessed.
3. Broken authentication and session management
5. Improper error handling
6. Insecure configuration management
8. Cross-Site scripting (XSS)
9. Insecure direct object references
10. Cross-Site request forgery (CSRF)
11. Insufficient transport layer protection
12. Unvalidated redirects and forwards
Miss. Code Ann. § 25-53-1 to § 25-53-25