list applications

Overview

A list of applications lists all the software applications used within the system to operate as intended. This list may include server software, backend applications, desktop applications, and even supporting software that operates “behind the scenes”.

Why are they asking this?

They want an application list so that they can assess the likelihood that their data will be properly handled and protected. Some applications may have vulnerabilities or know weaknesses. Also, some applications have known weaknesses or limitations that may call into question the ability to keep data protected.

What do they expect?

They expect a list of all applications, including the application name and version number.

Can you provide a list of libraries and third-party components used (name and version) for your applications and APIs?
Are whitelisted and/or blacklisted applications documented and enforced?
Can you provide a list of current patches on hosts, including host OS patches, web servers, databases, and any other material application?