Q: You discover a critical vulnerability in an application but cannot fix it or take it offline. What do you do?
A: In this scenario, you should take the following steps:
- Notify the Developer: Immediately and formally inform the application's development team of the vulnerability.
- Minimise Exposure: Reduce the application's usage to lower the risk of exploitation.
- Restrict Access: Limit the application's usage to a trusted, secure network or only to specific authorised users.
- Implement Monitoring: Increase monitoring of the application and its logs to detect any attempted exploitation.
- Use a Virtual Patch: Consider using a Web Application Firewall (WAF) to block exploitation attempts.
- Create a Communication Plan: Inform stakeholders of the risk and the actions being taken.