Application Level Security. a. User account passwords are hashed using a secure low-entropy key derivation function, which protects against brute-force attacks. b. All applications are served exclusively via TLS with a modern configuration. c. All login pages have brute-force logging and protection. d. Two-factor authentication is supported and is mandatory for all internal administrator functions of the application. e. All code changes to our applications require code reviews via an enforced code review process. f. Automated code and dependency analysis tools are in place to identify emergent security issues. g. Regular application security penetration tests are conducted by different vendors. These tests include high-level server penetration tests across various parts of our platform (i.e. Dashboard, Designer, Editor, Hosted Sites), as well as security-focused source code reviews.
Appears in 15 contracts
Samples: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum
Application Level Security. a. User account passwords are hashed using a secure low-entropy key derivation function, which protects against brute-force attacks.
b. All applications are served exclusively via TLS with a modern configuration.
c. All login pages have brute-force logging and protection.
d. Two-factor authentication is supported supported, and is mandatory for all internal administrator functions of the application.
e. All code changes to our applications require code reviews via an enforced code review process.
f. Automated code and dependency analysis tools are in place to identify emergent security issues.
g. Regular application security penetration tests are conducted by different vendors. These tests include high-level server penetration tests across various parts of our platform (i.e. Dashboard, Designer, Editor, Hosted Sites), as well as security-focused source code reviews.
Appears in 9 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement