Application Vulnerability Assessment Clause Samples
The Application Vulnerability Assessment clause requires regular evaluation of software applications to identify and address security weaknesses. Typically, this involves conducting periodic scans or tests—such as penetration testing or code reviews—on applications used or developed by a party, often with specified frequency and reporting requirements. By mandating these assessments, the clause helps ensure that vulnerabilities are detected and remediated proactively, thereby reducing the risk of security breaches and protecting sensitive data.
Application Vulnerability Assessment. Jamf will perform an application security vulnerability assessment prior to any new public release. Jamf will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days of discovery.
Application Vulnerability Assessment. Supplier will comply with this Section 15.7 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk vulnerabilities are resolved prior to release. Supplier will provide a summary of the test results including any open remediation points upon request. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days
Application Vulnerability Assessment. Contractor shall perform a non-intrusive vulnerability assessment on web applications and web services; scan the web applications and web services without credentials to identify vulnerabilities related to the OWASP top 10 vulnerabilities and SANS top 25 programming errors; scan the web applications and web services with credentials to identify vulnerabilities related to the OWASP top 10 vulnerabilities and SANS top 25 programming errors. The initial web applications and web services assessment should be a ▇▇▇▇ box approach with the chosen Contractor only having knowledge of the IP information, but having no other knowledge with the web application. The chosen Contractor should perform a non-intrusive vulnerability assessment to discover if access can be discovered, programming flaws, data leakage, and information that could allow an intruder to attack the web applications. The second part of the web applications and web services assessment included a provide role(s) with access to the application(s). The vulnerability assessment of the chosen Contractor will be a non-intrusive security test. A walk through of the application will be very limited and will be at a high level to allow the chosen Contractor to review the application at first glance as a discovery. The high level walk through will include all IPs and URLs only. The application(s) vulnerability assessment should address at the very minimum:
• Injection
• Broken Authentication and Session Management
• Cross-Site Scripting (XSS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Access
• Cross-Site Request Forgery (CSRF)
• Using Known Vulnerable Components
• Invalidated Redirects and Forwards
The cabinet shall have a copy of the application vulnerability assessment within 14 working days of its execution.
The Contractor will provide a mediation plan which meets risk assignment and in agreement with the Commonwealth.
Application Vulnerability Assessment. Supplier will comply with this Section if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk
Application Vulnerability Assessment. Supplier will perform an application security vulnerability assessment prior to any new public release. Supplier will have a defined and documented process to address any findings commensurate to the risk posed.
Application Vulnerability Assessment. Provider will perform application security vulnerability assessments prior to any release and on a recurring basis. The assessments must cover all web application, mobile application, stand-alone application, embedded software, and firmware vulnerabilities defined by the Open Web Application Security Project (OWASP) or those listed in the SANS Top 25 Software Errors or its successor current at the time of the test. Provider will ensure all critical and high-risk vulnerabilities are remediated prior to release. On a recurring basis, Provider shall ensure that emergency/critical vulnerabilities are addressed urgently and as soon as practicable within fourteen (14) days; high-risk vulnerabilities are addressed within thirty (30) days; and medium-risk vulnerabilities are addressed within ninety (90) days. This applies to web application, mobile application, stand-alone application, embedded software, and firmware development as appropriate to the Agreement. In the event that Provider Services include application vulnerability management for applications owned by Accenture or its client, Provider shall document and implement an application vulnerability assessment and remediation plan that is to be approved by Accenture.
Application Vulnerability Assessment. We will perform an application security vulnerability assessment prior to any new public release. We will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days of discovery.
Application Vulnerability Assessment. Supplier will comply with this Clause 15.7 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk vulnerabilities are resolved prior to release. Supplier will provide a summary of the test results including any open remediation points upon request. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days. data, ▇▇▇ intellectual property of Accenture or its clients or other Suppliers, that is collected, stored, hosted, processed, received, ▇▇▇/or generated by Supplier in connection with the provision of Deliverables to Accenture, including Accenture Personal Data.
Application Vulnerability Assessment. Supplier will comply with this Section
