Vulnerability scanners Sample Clauses

Vulnerability scanners. This section describes the two scanning engines used by the WISER vulnerability scanning service, • W3af and • OWASP ZAP The detailed description in a similar matter as the description of sensors above is provided below. Additionally, the list of vulnerability sensors can be extended since the architecture allows additions of new scanners. TEST FAMILY Automated website vulnerability scanner. Producer Xxxxxx Xxxxxxx License and cost Released under GPLv2.0. SCOPE and vulnerabilities detected Detects website vulnerabilities. Software or hardware Software. Mode of operation The scanner examines the target website by sending various requests and looking for server's responses that suggest presence of vulnerabilities. W3af outputs a report in the form of an XML document, which is parsed and transformed to a WISER-friendly format by the Wiser Risk Assessment Engine Backend (WRAPB) service. Reports are sent to the user with a description of detected vulnerabilities, their estimated impact severity and suggested mitigation measures. Installation requirements The test is performed remotely. No installation is required on the target system, except for the validation token upload. The token is one small text file that should be uploaded to the target website and made accessible for the testing service. Administrative access to the target web service is needed for the token upload. While the bandwidth usage of the test is not high, it is possible that the target web application is less responsive to other requests during the running of the test due to the number of requests send by the testing service. Test phase and go live Validation token comparison is performed before running the scanner to ensure that the user is the owner of the target website. Risks involved with the installation process The test is not meant to harm the target web application, but if there are significant errors in the target application, the requests from the automated test can potentially cause it to malfunction (crash) or that some data is changed on the target system. Responsibilities and management process The person which initiates the automated test is responsible for potential unavailability or malfunction of the target system. WISER or the developer of the test should not be held responsible for any potential incidents related to running the test. Maintenance No maintenance or updates are needed on the client's side, because the testing infrastructure is hosted by WISER. SCANNER NAME O...
Sample 1
AutoNDA by SimpleDocs

Related to Vulnerability scanners

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • Searchability Offering searchability capabilities on the Directory Services is optional but if offered by the Registry Operator it shall comply with the specification described in this section. 1.10.1 Registry Operator will offer searchability on the web-­‐based Directory Service. 1.10.2 Registry Operator will offer partial match capabilities, at least, on the following fields: domain name, contacts and registrant’s name, and contact and registrant’s postal address, including all the sub-­‐fields described in EPP (e.g., street, city, state or province, etc.). 1.10.3 Registry Operator will offer exact-­‐match capabilities, at least, on the following fields: registrar id, name server name, and name server’s IP address (only applies to IP addresses stored by the registry, i.e., glue records). 1.10.4 Registry Operator will offer Boolean search capabilities supporting, at least, the following logical operators to join a set of search criteria: AND, OR, NOT. 1.10.5 Search results will include domain names matching the search criteria. 1.10.6 Registry Operator will: 1) implement appropriate measures to avoid abuse of this feature (e.g., permitting access only to legitimate authorized users); and 2) ensure the feature is in compliance with any applicable privacy laws or policies.

  • Scoring The number of routes each company operates (Route # 0001-2999, 8000-8199) will be multiplied by 2 to determine the daily number of trips. (Only accidents, breakdowns and service reports related to routes falling in this range will be used for the evaluation). The daily number of trips will be multiplied by 175 to arrive at the annual number of trips. The number of accidents, breakdowns and service complaints will be divided by the total number of trips to calculate a percent figure. Each company’s percentage will be compared to the total average. See below for a sample. BUS COMPANY NUMBER OF TOTAL BKDN PERCENT ACCIDENTS PERCENT2 SERVICE PERCENT3 ROUTES TRIPS BKDN ACCIDENTS REPORTS COMPLAINTS TO TRIPS TO TRIPS TO TRIPS A 360 58680 3 0.01% 27 0.05% 46 0.08% B 48 7824 3 0.04% 4 0.05% 39 0.50% C 123 20049 11 0.05% 9 0.04% 27 0.13% D 91 14833 0.00% 10 0.07% 11 0.07% E 124 20212 20 0.10% 19 0.09% 18 0.09% TOTALS 746 121598 37 0.03% 69 0.06% 141 0.12% To score, if a company’s percentage is less than or equal to the total percentage for that category, the company will be awarded 6 points per category. Percentages greater than the total percentage for each distinct category (Accident, Breakdown, Service Complaints) will be scored according to the following scale: Less than-Equal to Ave. 6 points 0-3% above average 5 points 4-7% above average 4 points 5-8% above average 3 points 9-12% above average 2 points 13-16% 1 points Greater than 17% 0 points Any circumstance whereby a Breakdown or Accident is found by PTS to be ‘Non Reported’ by vendor within the required timeframe (see G-36) will count as (20) ‘Reported’ instances for the purpose of this Contractor Evaluation Scoring.

  • Screening After you sign and date the consent document, you will begin screening. The purpose of the screening is to find out if you meet all of the requirements to take part in the study. Procedures that will be completed during the study (including screening) are described below. If you do not meet the requirements, you will not be able to take part in the study. The study investigator or study staff will explain why. As part of screening, you must complete all of the items listed below: • Give your race, age, gender, and ethnicity • Give your medical history o You must review and confirm the information in your medical history questionnaire • Give your drug, alcohol, and tobacco use history • Give your past and current medication and treatment history. This includes any over-the-counter or prescription drugs, such as vitamins, dietary supplements, or herbal supplements, taken in the past 28 days • Height and weight will be measured • Physical exam will be done • Electrocardiogram (ECG) will be collected. An ECG measures the electrical activity of the heart • You may be tested for COVID-19 o Blood tests for human immunodeficiency virus (HIV), hepatitis B, and hepatitis C o Blood tests to see how your blood clots ▪ Fibrinogen ▪ PT/INR/aPTT o Blood tests for amylase and lipase (enzymes that help with digestion, Part B only) o Blood tests for a lipid (fats) panel (Part B only) ▪ Total cholesterol ▪ Triglycerides ▪ HDL ▪ Direct HDL o Blood tests to check your thyroid function (Part B and Part C only) ▪ TSH ▪ Free T4 o Urine to test for drugs of abuse (illegal and prescription) o Urine tests to check your albumin/ creatinine ratio o Females who have not had a period for at least 12 months in a row will have a blood hormone test to confirm they cannot have children • The study investigator may decide to do an alcohol breath test • The use of proper birth control will be reviewed (males only) • You will be asked “How do you feel?” HIV, hepatitis B, and hepatitis C will be tested at screening. If anyone is exposed to your blood during the study, you will have these tests done again. If you have a positive test, you cannot be in or remain in the study. HIV is the virus that causes acquired immunodeficiency syndrome (AIDS). If your HIV test is positive, you will be told about the results. It may take weeks or months after being infected with HIV for the test to be positive. The HIV test is not always right. Having certain infections or positive test results may have to be reported to the State Department of Health. This includes results for HIV, hepatitis, and other infections. If you have any questions about what information is required to be reported, please ask the study investigator or study staff. Although this testing is meant to be private, complete privacy cannot be guaranteed. For example, it is possible for a court of law to get health or study records without your permission.

  • Message Screening 7.4.4.4.1 BellSouth shall set message screening parameters so as to accept valid messages from MRC local or tandem switching systems destined to any signaling point within BellSouth’s SS7 network where the MRC switching system has a valid signaling relationship. 7.4.4.4.2 BellSouth shall set message screening parameters so as to pass valid messages from MRC local or tandem switching systems destined to any signaling point or network accessed through BellSouth’s SS7 network where the MRC switching system has a valid signaling relationship. 7.4.4.4.3 BellSouth shall set message screening parameters so as to accept and pass/send valid messages destined to and from MRC from any signaling point or network interconnected through BellSouth’s SS7 network where the MRC SCP has a valid signaling relationship.

  • Disturbance Analysis Data Exchange The Parties will cooperate with one another and the NYISO in the analysis of disturbances to either the Large Generating Facility or the New York State Transmission System by gathering and providing access to any information relating to any disturbance, including information from disturbance recording equipment, protective relay targets, breaker operations and sequence of events records, and any disturbance information required by Good Utility Practice.

  • Encryption The Fund acknowledges and agrees that encryption may not be available for every communication through the System, or for all data. The Fund agrees that Custodian may deactivate any encryption features at any time, without notice or liability to the Fund, for the purpose of maintaining, repairing or troubleshooting the System or the Software.

  • Safety Measures Awarded vendor shall take all reasonable precautions for the safety of employees on the worksite, and shall erect and properly maintain all necessary safeguards for protection of workers and the public. Awarded vendor shall post warning signs against all hazards created by the operation and work in progress. Proper precautions shall be taken pursuant to state law and standard practices to protect workers, general public and existing structures from injury or damage.

  • Intrusion Detection All systems involved in accessing, holding, transporting, and protecting DHCS PHI or PI that are accessible via the Internet must be protected by a comprehensive intrusion detection and prevention solution.

  • Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!