Skip to main content

Q: You discover a critical vulnerability in an application but cannot fix it or take it offline. What do you do?

A: In this scenario, you should take the following steps:

  1. Notify the Developer: Immediately and formally inform the application's development team of the vulnerability.
  2. Minimise Exposure: Reduce the application's usage to lower the risk of exploitation.
  3. Restrict Access: Limit the application's usage to a trusted, secure network or only to specific authorised users.
  4. Implement Monitoring: Increase monitoring of the application and its logs to detect any attempted exploitation.
  5. Use a Virtual Patch: Consider using a Web Application Firewall (WAF) to block exploitation attempts.
  6. Create a Communication Plan: Inform stakeholders of the risk and the actions being taken.