Web Application Penetration Test. i. Service Provider will regularly (no less than once annually and at Service Provider’s expense) engage a recognized third party to conduct application penetration testing. ii. At a minimum, such third party will perform: i) application penetration test for internet facing web enabled applications used by Client; ii) OWASP Testing Guide (both credentialed and non-credentialed) penetration test; and iii) security related business logic penetration test; and to provide Client a summarized report prepared by the third party relevant to the applications used by Client that addresses the results of such testing. iii. Upon request by Client, Service Provider to provide a letter of attestation including scope, date and methodology of assessment. Service Provider will follow its mitigation and remediation process in #6-Risk Remediation Timelines above.
Appears in 2 contracts
Sources: Transfer Agency and Service Agreement (Eq Advisors Trust), Transfer Agency and Service Agreement (1290 Funds)