Application Hardening. Supplier will comply with this Section 15.5 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will maintain and implement secure application development policies, procedures, and standards that are aligned to Industry Standard practices (e.g., SANS Top 35 Security Development Techniques and Common Security Errors in Programming and the OWASP Top Ten project). This applies to web application, mobile application, embedded software, and firmware development. All Personnel responsible for application design, development, configuration, testing, and deployment will be qualified to perform such activities and receive appropriate training on such policies, procedures, and standards.
Application Hardening i) Jamf will maintain and implement secure application development policies, procedures and standards that are aligned to Industry Standard practices such as the SANS Top 25 Security Development Techniques or the OWASP Top Ten project.
ii) All personnel responsible for secure application design, development, configuration, testing, and deployment will be qualified to perform the Services and receive appropriate training regarding Jamf’s secure application development practices.
Application Hardening. Supplier will comply with this Section if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will maintain and implement secure application development policies, procedures, and standards that are aligned to Industry Standard practices (e.g., SANS Top 35
Application Hardening i. Provider will maintain and implement secure application development policies, procedures, and standards that are aligned to Industry Standard practices such as the SANS Top 25 Software Errors, the OWASP Top Ten project and the NIST Secure Software Development Framework (SSDF). This applies to web application, mobile application, embedded software, and firmware development as appropriate.
ii. All personnel responsible for secure application design, development, configuration, testing, and deployment will be qualified to perform the Provider Services and receive appropriate training regarding Provider’s secure application development practices.
Application Hardening. Supplier will comply with this Section
Application Hardening. From the viewpoint of WP5, in Task 5.2, we will set guidelines to improve code robustness, showcasing what is done with the CompBioMed software stack (see Appendix A of Deliverable
2.1 First Report on Fast Track Application Readiness [2]). Based on our own extensive experience with our own software, we will define good practices to enhance code robustness and stability, such as CI/CD (Continuous Integration/Continuous Development) integration (from basic ideas to complex pipelines), documentation, regression tests, performance tests, etc. We will showcase software deployment in HPC infrastructures to facilitate code access to users, assessing availability of suitable resources, access mechanisms and performance. We will define policies for dataset interoperability, selecting the proper formats, sources, location, etc. This data could include inputs for simulation codes, output of simulations for clinical analysis, data assimilation and model improvement, anonymised clinical data, experimental measurements, etc.
Application Hardening. For all software running on a device, as with the device itself, the principle of least privilege (or whitelisting) should be applied. Inputs from the outside should be sanitized; especially involved databases should possess protection measures against SQL injection [41]. In addition, similar to device hardening (4.1.8), rate limiting should be imposed. This would mean to restrict the number of connections and/or queries from a single source per time.
Application Hardening. Supplier will comply with this Section 12.5 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will maintain and implement secure application development policies, procedures, and standards that are aligned to Industry Standard practices (e.g., SANS Top 35 Security Development Techniques and Common Security Errors in Programming and the OWASP Top Ten project). This applies to web application, mobile application, embedded software, and firmware development. All Personnel (In this Section 12, “Personnel” means Supplier’s personnel, its contractors, and its agents.) responsible for application design, development, configuration, testing, and deployment will be qualified to perform such activities and receive appropriate training on such policies, procedures, and standards.
