Application Vulnerability Assessment Sample Clauses

Application Vulnerability Assessment. Supplier will comply with this Section 15.7 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk vulnerabilities are resolved prior to release. Supplier will provide a summary of the test results including any open remediation points upon request. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days
Sample 1Sample 2Sample 3See All (39)
AutoNDA by SimpleDocs
Application Vulnerability Assessment. Jamf will perform an application security vulnerability assessment prior to any new public release. Jamf will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days of discovery.
Sample 1Sample 2Sample 3See All (5)
Application Vulnerability Assessment. Contractor shall perform a non-intrusive vulnerability assessment on web applications and web services; scan the web applications and web services without credentials to identify vulnerabilities related to the OWASP top 10 vulnerabilities and SANS top 25 programming errors; scan the web applications and web services with credentials to identify vulnerabilities related to the OWASP top 10 vulnerabilities and SANS top 25 programming errors. The initial web applications and web services assessment should be a xxxx box approach with the chosen Contractor only having knowledge of the IP information, but having no other knowledge with the web application. The chosen Contractor should perform a non-intrusive vulnerability assessment to discover if access can be discovered, programming flaws, data leakage, and information that could allow an intruder to attack the web applications. The second part of the web applications and web services assessment included a provide role(s) with access to the application(s). The vulnerability assessment of the chosen Contractor will be a non-intrusive security test. A walk through of the application will be very limited and will be at a high level to allow the chosen Contractor to review the application at first glance as a discovery. The high level walk through will include all IPs and URLs only. The application(s) vulnerability assessment should address at the very minimum: • Injection • Broken Authentication and Session Management • Cross-Site Scripting (XSS) • Insecure Direct Object References • Security Misconfiguration • Sensitive Data Exposure • Missing Function Level Access • Cross-Site Request Forgery (CSRF) • Using Known Vulnerable Components • Invalidated Redirects and Forwards The cabinet shall have a copy of the application vulnerability assessment within 14 working days of its execution. The Contractor will provide a mediation plan which meets risk assignment and in agreement with the Commonwealth.
Sample 1Sample 2Sample 3See All (4)
Application Vulnerability Assessment. Provider will perform application security vulnerability assessments prior to any release and on a recurring basis. The assessments must cover all web application, mobile application, stand-alone application, embedded software, and firmware vulnerabilities defined by the Open Web Application Security Project (OWASP) or those listed in the SANS Top 25 Software Errors or its successor current at the time of the test. Provider will ensure all critical and high-risk vulnerabilities are remediated prior to release. On a recurring basis, Provider shall ensure that emergency/critical vulnerabilities are addressed urgently and as soon as practicable within fourteen (14) days; high-risk vulnerabilities are addressed within thirty (30) days; and medium-risk vulnerabilities are addressed within ninety (90) days. This applies to web application, mobile application, stand-alone application, embedded software, and firmware development as appropriate to the Agreement. In the event that Provider Services include application vulnerability management for applications owned by Accenture or its client, Provider shall document and implement an application vulnerability assessment and remediation plan that is to be approved by Accenture.
Sample 1
Application Vulnerability Assessment. Supplier will comply with this Clause 15.7 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk vulnerabilities are resolved prior to release. Supplier will provide a summary of the test results including any open remediation points upon request. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days. data, xxx kekayaan intelektual Accenture atau kliennya atau Supplier lain, yang dikumpulkan, disimpan, di-hosting, diproses, diterima, xxx/atau dihasilkan oleh Supplier sehubungan dengan penyediaan Hasil Kerja kepada Accenture, termasuk Data Pribadi Accenture.
Sample 1

Related to Application Vulnerability Assessment

  • Security Assessment If Accenture reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under the Agreement, then Accenture will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit Accenture, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to the Agreement; and (iii) timely complete a security questionnaire from Accenture on a periodic basis upon Accenture’s request. Security issues identified by Accenture will be assigned risk ratings and an agreed-to timeframe to remediate. Supplier will remediate all the security issues identified within the agreed to timeframes. Upon Supplier’s failure to remediate any high or medium rated security issues within the stated timeframes, Accenture may terminate the Agreement in accordance with Section 8 above.

  • Conformity Assessment 1. The Parties recognize that a broad range of mechanisms exists to facilitate the acceptance of conformity assessment procedures and results thereby, including:

  • Risk Assessment An assessment of any risks inherent in the work requirements and actions to mitigate these risks.

  • Conformity Assessment Procedures 1. Each Party shall give positive consideration to accepting the results of conformity assessment procedures of other Parties, even where those procedures differ from its own, provided it is satisfied that those procedures offer an assurance of conformity with applicable technical regulations or standards equivalent to its own procedures.

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Diagnostic Assessment 6.3.1 Boards shall provide a list of pre-approved assessment tools consistent with their Board improvement plan for student achievement and which is compliant with Ministry of Education PPM (PPM 155: Diagnostic Assessment in Support of Student Learning, date of issue January 7, 2013).

  • Searchability Offering searchability capabilities on the Directory Services is optional but if offered by the Registry Operator it shall comply with the specification described in this section.

  • Needs Assessment 1. The Contractor shall conduct a cultural and linguistic group-needs assessment of the eligible client population in the Contractor’s service area to assess the language needs of the population and determine what reasonable steps are necessary to ensure meaningful access to services and activities to eligible individuals. [22 CCR 98310, 98314] The group-needs assessment shall take into account the following four (4) factors:

  • Evaluation Cycle: Formative Assessment A) A specific purpose for evaluation is to promote student learning, growth and achievement by providing Educators with feedback for improvement. Evaluators are expected to make frequent unannounced visits to classrooms. Evaluators are expected to give targeted constructive feedback to Educators based on their observations of practice, examination of artifacts, and analysis of multiple measures of student learning, growth and achievement in relation to the Standards and Indicators of Effective Teaching Practice.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!