Sauer on Information Security | InfoSec-Blog for IT-Professionals | Patrick Sauer & Dominik Sauer

MPA Content Security Program Requirements for Penetration Testing

9 June 2022 by Patrick Sauer

The Content Security Program of the Motion Picture Association (MPA) specifies security requirements in three areas in its Content Security Best Practices Common Guidelines (Version 4.10 of February 8, 2022):

  • Management System
  • Physical Security
  • Digital Security

Within the management system requirements, number MS-2.1 (risk management category) requires vulnerability scans and external penetration tests to be carried out; it refers to requirements DS-1.8 and DS-1.9.

Requirement DS-1.9 (Firewall / WAN / Perimeter Security) requires annual penetration tests of all external IP addresses and systems. DS-1.8 additionally requires monthly vulnerability scans.

The guidelines also require web application penetration tests (DS-15.9, Client Portal), with the following more detailed requirements:

  • The pentest should also include any APIs.
  • The test should be carried out both with and without valid credentials.
  • The usual guidelines, such as the OWASP publications, should be followed so that XSS, SQL injection, and CSRF are also covered.

It is generally recommended that penetration testing be performed by an independent third party.

Posted in: Pentest Tagged: CSRF, OWASP Top 10, SQL Injection, XSS

Copyright © 2025 Sauer on Information Security | InfoSec-Blog for IT-Professionals | Patrick Sauer & Dominik Sauer.
