
T-025-005 Security Risk Testing Report

Instructions

Provide a link to the security risk testing report, which should have the following sections:

  • Introduction: This section sets the stage by providing background information and defining the boundaries of the analysis.
  • Methodology: This outlines the approach taken for the analysis, including the tools used.
  • Synthesis: This section presents a summary of the findings, including the results of penetration tests, a breakdown of vulnerabilities found, and a table detailing these vulnerabilities.
  • Description of the report: This section elaborates on the vulnerabilities identified and provides recommendations for remediation.
  • Static Analysis: This part focuses on the security analysis of the Android application itself and its source code without executing it.
  • Dynamic Analysis: This section covers the analysis of the application and its environment while it is running, looking at the Android application attack surface, process filesystem, process memory, and DICOM manipulation.
  • Attacks on models: This section covers analysis or testing of the security of the data models, potentially machine learning models, within the system.
  • Penetration test results: This section provides detailed results from the penetration testing, specifically mentioning a vulnerable dependency (DCMTK) and Android app code obfuscation.
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)