Application Vulnerability Assessment Clause Samples

The Application Vulnerability Assessment clause requires regular evaluation of software applications to identify and address security weaknesses. Typically, this involves conducting periodic scans or tests—such as penetration testing or code reviews—on applications used or developed by a party, often with specified frequency and reporting requirements. By mandating these assessments, the clause helps ensure that vulnerabilities are detected and remediated proactively, thereby reducing the risk of security breaches and protecting sensitive data.
POPULAR SAMPLE Copied 6 times
Application Vulnerability Assessment. Jamf will perform an application security vulnerability assessment prior to any new public release. Jamf will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days of discovery.
View SourceView Similar (5)
Application Vulnerability Assessment. Supplier will comply with this Section 15.7 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk vulnerabilities are resolved prior to release. Supplier will provide a summary of the test results including any open remediation points upon request. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days
View SourceView Similar (38)
Application Vulnerability Assessment. Contractor shall perform a non-intrusive vulnerability assessment on web applications and web services; scan the web applications and web services without credentials to identify vulnerabilities related to the OWASP top 10 vulnerabilities and SANS top 25 programming errors; scan the web applications and web services with credentials to identify vulnerabilities related to the OWASP top 10 vulnerabilities and SANS top 25 programming errors. The initial web applications and web services assessment should be a ▇▇▇▇ box approach with the chosen Contractor only having knowledge of the IP information, but having no other knowledge with the web application. The chosen Contractor should perform a non-intrusive vulnerability assessment to discover if access can be discovered, programming flaws, data leakage, and information that could allow an intruder to attack the web applications. The second part of the web applications and web services assessment included a provide role(s) with access to the application(s). The vulnerability assessment of the chosen Contractor will be a non-intrusive security test. A walk through of the application will be very limited and will be at a high level to allow the chosen Contractor to review the application at first glance as a discovery. The high level walk through will include all IPs and URLs only. The application(s) vulnerability assessment should address at the very minimum: • Injection • Broken Authentication and Session Management • Cross-Site Scripting (XSS) • Insecure Direct Object References • Security Misconfiguration • Sensitive Data Exposure • Missing Function Level Access • Cross-Site Request Forgery (CSRF) • Using Known Vulnerable Components • Invalidated Redirects and Forwards The cabinet shall have a copy of the application vulnerability assessment within 14 working days of its execution. The Contractor will provide a mediation plan which meets risk assignment and in agreement with the Commonwealth.
View SourceView Similar (4)
Application Vulnerability Assessment. Supplier will comply with this Section if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk
View SourceView Similar (3)
Application Vulnerability Assessment. Supplier will perform an application security vulnerability assessment prior to any new public release. Supplier will have a defined and documented process to address any findings commensurate to the risk posed.
View SourceView Similar (2)
Application Vulnerability Assessment. Provider will perform application security vulnerability assessments prior to any release and on a recurring basis. The assessments must cover all web application, mobile application, stand-alone application, embedded software, and firmware vulnerabilities defined by the Open Web Application Security Project (OWASP) or those listed in the SANS Top 25 Software Errors or its successor current at the time of the test. Provider will ensure all critical and high-risk vulnerabilities are remediated prior to release. On a recurring basis, Provider shall ensure that emergency/critical vulnerabilities are addressed urgently and as soon as practicable within fourteen (14) days; high-risk vulnerabilities are addressed within thirty (30) days; and medium-risk vulnerabilities are addressed within ninety (90) days. This applies to web application, mobile application, stand-alone application, embedded software, and firmware development as appropriate to the Agreement. In the event that Provider Services include application vulnerability management for applications owned by Accenture or its client, Provider shall document and implement an application vulnerability assessment and remediation plan that is to be approved by Accenture.
View SourceView Similar (2)
Application Vulnerability Assessment. We will perform an application security vulnerability assessment prior to any new public release. We will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days of discovery.
View Source
Application Vulnerability Assessment. Supplier will comply with this Clause 15.7 if Supplier is providing Accenture with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk vulnerabilities are resolved prior to release. Supplier will provide a summary of the test results including any open remediation points upon request. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days. data, ▇▇▇ kekayaan intelektual Accenture atau kliennya atau Supplier lain, yang dikumpulkan, disimpan, di-hosting, diproses, diterima, ▇▇▇/atau dihasilkan oleh Supplier sehubungan dengan penyediaan Hasil Kerja kepada Accenture, termasuk Data Pribadi Accenture.
View Source
Application Vulnerability Assessment. Supplier will comply with this Section
View Source

Related to Application Vulnerability Assessment

  • Security Assessment If Accenture reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under the Agreement, then Accenture will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit Accenture, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to the Agreement; and (iii) timely complete a security questionnaire from Accenture on a periodic basis upon Accenture’s request. Security issues identified by Accenture will be assigned risk ratings and an agreed-to timeframe to remediate. Supplier will remediate all the security issues identified within the agreed to timeframes. Upon Supplier’s failure to remediate any high or medium rated security issues within the stated timeframes, Accenture may terminate the Agreement in accordance with Section 8 above.

  • Risk Assessment An assessment of any risks inherent in the work requirements and actions to mitigate these risks.

  • Conformity Assessment Procedures 1. Each Party shall give positive consideration to accepting the results of conformity assessment procedures of other Parties, even where those procedures differ from its own, provided it is satisfied that those procedures offer an assurance of conformity with applicable technical regulations or standards equivalent to its own procedures. 2. Each Party shall seek to enhance the acceptance of the results of conformity assessment procedures conducted in the territories of other Parties with a view to increasing efficiency, avoiding duplication and ensuring cost effectiveness of the conformity assessments. In this regard, each Party may choose, depending on the situation of the Party and the specific sectors involved, a broad range of approaches. These may include but are not limited to: (a) recognition by a Party of the results of conformity assessments performed in the territory of another Party; (b) recognition of co-operative arrangements between accreditation bodies in the territories of the Parties; (c) mutual recognition of conformity assessment procedures conducted by bodies located in the territory of each Party; (d) accreditation of conformity assessment bodies in the territory of another Party; (e) use of existing regional and international multilateral recognition agreements and arrangements; (f) designating conformity assessment bodies located in the territory of another Party to perform conformity assessment; and (g) suppliers’ declaration of conformity. 3. Each Party shall exchange information with other Parties on its experience in the development and application of the approaches in Paragraph 2(a) to (g) and other appropriate approaches with a view to facilitating the acceptance of the results of conformity assessment procedures. 4. A Party shall, upon request of another Party, explain its reasons for not accepting the results of any conformity assessment procedure performed in the territory of that other Party.

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.