Application Vulnerability Assessment Sample Clauses

Application Vulnerability Assessment. Supplier will comply with this Section 15.7 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk vulnerabilities are resolved prior to release. Supplier will provide a summary of the test results including any open remediation points upon request. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days
Sample 1Sample 2Sample 3See All (38)
AutoNDA by SimpleDocs
Application Vulnerability Assessment. Jamf will perform an application security vulnerability assessment prior to any new public release. Jamf will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days of discovery.
Sample 1Sample 2Sample 3See All (5)
Application Vulnerability Assessment. Contractor shall perform a non-intrusive vulnerability assessment on web applications and web services; scan the web applications and web services without credentials to identify vulnerabilities related to the OWASP top 10 vulnerabilities and SANS top 25 programming errors; scan the web applications and web services with credentials to identify vulnerabilities related to the OWASP top 10 vulnerabilities and SANS top 25 programming errors. The initial web applications and web services assessment should be a xxxx box approach with the chosen Contractor only having knowledge of the IP information, but having no other knowledge with the web application. The chosen Contractor should perform a non-intrusive vulnerability assessment to discover if access can be discovered, programming flaws, data leakage, and information that could allow an intruder to attack the web applications. The second part of the web applications and web services assessment included a provide role(s) with access to the application(s). The vulnerability assessment of the chosen Contractor will be a non-intrusive security test. A walk through of the application will be very limited and will be at a high level to allow the chosen Contractor to review the application at first glance as a discovery. The high level walk through will include all IPs and URLs only. The application(s) vulnerability assessment should address at the very minimum: • Injection • Broken Authentication and Session Management • Cross-Site Scripting (XSS) • Insecure Direct Object References • Security Misconfiguration • Sensitive Data Exposure • Missing Function Level Access • Cross-Site Request Forgery (CSRF) • Using Known Vulnerable Components • Invalidated Redirects and Forwards The cabinet shall have a copy of the application vulnerability assessment within 14 working days of its execution. The Contractor will provide a mediation plan which meets risk assignment and in agreement with the Commonwealth.
Sample 1Sample 2Sample 3See All (4)
Application Vulnerability Assessment. Supplier will comply with this Section if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk
Sample 1
Application Vulnerability Assessment. Supplier will comply with this Clause 15.7 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk vulnerabilities are resolved prior to release. Supplier will provide a summary of the test results including any open remediation points upon request. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days. data, xxx kekayaan intelektual Accenture atau kliennya atau Supplier lain, yang dikumpulkan, disimpan, di-hosting, diproses, diterima, xxx/atau dihasilkan oleh Supplier sehubungan dengan penyediaan Hasil Kerja kepada Accenture, termasuk Data Pribadi Accenture.
Sample 1
Application Vulnerability Assessment. Supplier will comply with this Section
Sample 1
Application Vulnerability Assessment. Provider will perform application security vulnerability assessments prior to any release and on a recurring basis. The assessments must cover all web application, mobile application, stand-alone application, embedded software, and firmware vulnerabilities defined by the Open Web Application Security Project (OWASP) or those listed in the SANS Top 25 Software Errors or its successor current at the time of the test. Provider will ensure all critical and high-risk vulnerabilities are remediated prior to release. On a recurring basis, Provider shall ensure that emergency/critical vulnerabilities are addressed urgently and as soon as practicable within fourteen (14) days; high-risk vulnerabilities are addressed within thirty (30) days; and medium-risk vulnerabilities are addressed within ninety (90) days. This applies to web application, mobile application, stand-alone application, embedded software, and firmware development as appropriate to the Agreement. In the event that Provider Services include application vulnerability management for applications owned by Accenture or its client, Provider shall document and implement an application vulnerability assessment and remediation plan that is to be approved by Accenture.
Sample 1
AutoNDA by SimpleDocs

Related to Application Vulnerability Assessment

  • Security Assessment If Accenture reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under the Agreement, then Accenture will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit Accenture, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to the Agreement; and (iii) timely complete a security questionnaire from Accenture on a periodic basis upon Accenture’s request. Security issues identified by Accenture will be assigned risk ratings and an agreed-to timeframe to remediate. Supplier will remediate all the security issues identified within the agreed to timeframes. Upon Supplier’s failure to remediate any high or medium rated security issues within the stated timeframes, Accenture may terminate the Agreement in accordance with Section 8 above.

  • Risk Assessment An assessment of any risks inherent in the work requirements and actions to mitigate these risks.

  • Conformity Assessment Procedures 1. Each Party shall give positive consideration to accepting the results of conformity assessment procedures of other Parties, even where those procedures differ from its own, provided it is satisfied that those procedures offer an assurance of conformity with applicable technical regulations or standards equivalent to its own procedures. 2. Each Party shall seek to enhance the acceptance of the results of conformity assessment procedures conducted in the territories of other Parties with a view to increasing efficiency, avoiding duplication and ensuring cost effectiveness of the conformity assessments. In this regard, each Party may choose, depending on the situation of the Party and the specific sectors involved, a broad range of approaches. These may include but are not limited to: (a) recognition by a Party of the results of conformity assessments performed in the territory of another Party; (b) recognition of co-operative arrangements between accreditation bodies in the territories of the Parties; (c) mutual recognition of conformity assessment procedures conducted by bodies located in the territory of each Party; (d) accreditation of conformity assessment bodies in the territory of another Party; (e) use of existing regional and international multilateral recognition agreements and arrangements; (f) designating conformity assessment bodies located in the territory of another Party to perform conformity assessment; and (g) suppliers’ declaration of conformity. 3. Each Party shall exchange information with other Parties on its experience in the development and application of the approaches in Paragraph 2(a) to (g) and other appropriate approaches with a view to facilitating the acceptance of the results of conformity assessment procedures. 4. A Party shall, upon request of another Party, explain its reasons for not accepting the results of any conformity assessment procedure performed in the territory of that other Party.

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • Diagnostic Assessment 6.3.1 Boards shall provide a list of pre-approved assessment tools consistent with their Board improvement plan for student achievement and which is compliant with Ministry of Education PPM (PPM 155: Diagnostic Assessment in Support of Student Learning, date of issue January 7, 2013). 6.3.2 Teachers shall use their professional judgment to determine which assessment and/or evaluation tool(s) from the Board list of preapproved assessment tools is applicable, for which student(s), as well as the frequency and timing of the tool. In order to inform their instruction, teachers must utilize diagnostic assessment during the school year.

  • Searchability Offering searchability capabilities on the Directory Services is optional but if offered by the Registry Operator it shall comply with the specification described in this section. 1.10.1 Registry Operator will offer searchability on the web-­‐based Directory Service. 1.10.2 Registry Operator will offer partial match capabilities, at least, on the following fields: domain name, contacts and registrant’s name, and contact and registrant’s postal address, including all the sub-­‐fields described in EPP (e.g., street, city, state or province, etc.). 1.10.3 Registry Operator will offer exact-­‐match capabilities, at least, on the following fields: registrar id, name server name, and name server’s IP address (only applies to IP addresses stored by the registry, i.e., glue records). 1.10.4 Registry Operator will offer Boolean search capabilities supporting, at least, the following logical operators to join a set of search criteria: AND, OR, NOT. 1.10.5 Search results will include domain names matching the search criteria. 1.10.6 Registry Operator will: 1) implement appropriate measures to avoid abuse of this feature (e.g., permitting access only to legitimate authorized users); and 2) ensure the feature is in compliance with any applicable privacy laws or policies.

  • Needs Assessment 1. The Contractor shall conduct a cultural and linguistic group-needs assessment of the eligible client population in the Contractor’s service area to assess the language needs of the population and determine what reasonable steps are necessary to ensure meaningful access to services and activities to eligible individuals. [22 CCR 98310, 98314] The group-needs assessment shall take into account the following four (4) factors: a. Number or proportion of persons with Limited English Proficiency (LEP) eligible to be served or encountered by the program. b. Frequency with which LEP individuals come in contact with the program. c. Nature and importance of the services provided. d. Local or frequently used resources available to the Contractor. This group-needs assessment will serve as the basis for the Contractor’s determination of “reasonable steps” and provide documentary evidence of compliance with Cal. Gov. Code § 11135 et seq.; 2 CCR 11140, 2 CCR 11200 et seq., and 22 CCR98300 et seq. 2. The Contractor shall prepare and make available a report of the findings of the group-needs assessment that summarizes: a. Methodologies used. b. The linguistic and cultural needs of non-English speaking or LEP groups. c. Services proposed to address the needs identified and a timeline for implementation. [22 CCR 98310] 3. The Contractor shall maintain a record of the group-needs assessment on file at the Contractor’s headquarters at all times during the term of this Agreement. [22 CCR 98310, 98313]

  • Loss Assessment We will pay up to $1000 for your share of loss assessment charged during the policy period against you by a corporation or as- sociation of property owners, when the assess- ment is made as a result of:

  • Infrastructure Vulnerability Scanning Supplier will scan its internal environments (e.g., servers, network devices, etc.) related to Deliverables monthly and external environments related to Deliverables weekly. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!