Sarbanes-Oxley Act (SOX)

Get started

Legislative summary
The Sarbanes-Oxley Act (SOX), which falls under the U.S. Securities and Exchange Commission (SEC), was enacted on July 30, 2002. The Sarbanes-Oxley Act focuses on regulating corporate behavior for the protection of financial records instead of enhancing the privacy and security of confidential customer information.

Sarbanes-Oxley Act compliance can be difficult because it was not written specifically with information technology or information security in mind; however, there are various sections within the act that directly affect these functions in today’s corporations. This includes how information is accessed, what leaves the corporate network and what information needs to be protected and retained over time. You should conduct web application security assessments for an initial SOX compliance risk assessment to understand your various internal controls. This can help public corporations perform audits on your systems and enhance the security of your financial data on an ongoing basis.

HP Application Security Center capabilities

• Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private information
• Verify that web application access to sensitive information is controlled by authentication and authorization
• Identify web application command injection vulnerabilities that may execute malicious code or programs
• Validate that web application inputs are properly validated and not vulnerable to command injection or cross-site scripting attacks
• Check that data communication is encrypted
• Check for vulnerability to denial of service attacks
• Check for improper application error handling
• Get detailed security assessment reports categorized by SOX sections

Learn more