CSIS is a web application for managing the security of a set of applications and infrastructures in a collaborative manner.
It helps :
· Cybersecurity analysts to present and organize vulnerabilities ;
· Developers, system and software architects and more generally anyone involved in the development cycle to understand the vulnerabilities that must be corrected within the framework of the development cycle of an application and infrastructures;
· Managers of development teams and security managers (CISO, product owner) to manage the advancement and management of cybersecurity of assets in their portfolio.
CSIS makes it possible to bring together the occurrences of vulnerabilities collected from various scanners and utilities on the market (Qualys, ZAP Proxy, Burp Suite, Nessus, manual collection, etc.).
CSIS makes it possible to group (aggregate) the occurrences of vulnerabilities into aggregates. The occurrences of vulnerabilities are grouped according to their common points (type of vulnerability, category, remediation solution, etc.).
CSIS makes it possible to organize and represent these aggregates in scan type reports or pentest-type reports. The reports present a managerial summary for decision-makers and a technical view of the aggregates with more technical details.
Each aggregate can be associated with a remediation action that will be assigned to one or more people in the development cycle.
These remedial actions may have dependencies.
Use a Mozilla FireFox (v75 or higher), Google Chrome (v82 or higher) browser. Other browsers may work but have not been tested.
 CSIS : Computer Security Information System.