Secure Coding Practices Sample Clauses
POPULAR SAMPLE Copied 1 times
Secure Coding Practices. UKG developers shall be trained on secure development. Applications should be written in a secure manner to implement industry practices, such as input validation, session management, SQL injection, and cross site scripting mitigation. These practices shall be tested as part of the annual penetration testing described below.
Secure Coding Practices. Computershare shall have secure development practices, including the definition, testing, and deployment of security requirements.
Secure Coding Practices. NetWitness shall have secure development practices for itself and require the same of its subcontractors, including the definition, testing, deployment, and review of security requirements.
Secure Coding Practices. Alteryx logically or physically separates environments for development, testing, and production. Licensee Content is not used in development or testing environments.
Secure Coding Practices. The following are additional secure coding practices that must be implemented as applicable:
a. User inputs and other parameters (URL, Form) must ALL be validated at both Interface and Business tiers for data type, allowed character set, numeric range, enumerated legal values. Special characters, such as those used for cross site scripting attack (XSS) and SQL injection must be stripped or otherwise rendered harmless.
b. All reasonable steps must be taken to prevent browser caching of Sensitive Information.
c. Repeated failed logins must be logged and generate alerts.
d. Passwords and other Confidential Information must be stored in encrypted format, and the encryption key strongly protected.
e. Logins and other parts of user sessions where Confidential Information is transmitted must utilize strong SSL encryption.
f. If located in different data centers, back-end connections between the web application and database must be strongly encrypted.
g. Sensitive Information or information that could be manipulated and result in information discovery must never be unencrypted in a cookie, form field or URL parameter.
h. Every application component must thoroughly be wrapped in error-trapping code so that Confidential Information is never displayed to the end-user.
i. Passwords should be changed and updated every 90 days to enforce security.
Secure Coding Practices. BigID has implemented an industry-standard secure software lifecycle, which includes the OWASP Secure Coding Practices Quick Reference Guidelines. BigID’s practices also include comprehensive security testing of all code, a risk assessment process, and secure code training for its developers.
Secure Coding Practices. RSA shall have secure development practices for itself and require the same of its subcontractors, including the definition, testing, deployment, and review of security requirements.