Web Security Audit / Assessment Sample Clauses

Web Security Audit / Assessment. Selected IT Security Audit Agency(ies) shall be responsible for the assessment of the security, vulnerabilities, threat and risks that exist in Website / Web applications of Government of Rajasthan by running Internet Vulnerability Assessment and Penetration Testing Scripts with appropriate usage of testing tools.

RISL Rate Contract for Security Audit of Website(s) / Web Application(s) / portal(s)

All the assessment methodology and testing procedures should be based on Industry best practices and Standards like Open Web Application Security Project (OWASP), SANS top 20, ISO27001 etc. IT Security Audit Agency should check for the below indicative list of potential threats and web attacks to which the Websites/ Web applications/ Portals are vulnerable and shall submit a detailed recommendation report for the identified vulnerability.

Sr. No. / Threats category / Potential Threats and definitions

1. Network Threat: Network Infrastructure may be exploited by attacks and intrusions due to poor configuration, weak default installation settings, wide open access controls and devices lacking the latest security patches. This threat may include:
  • Information Gathering: By port scanning, banner grabbing and enumeration, attackers can easily detect device types, operating system and application version, and with this information, attackers can easily attack known vulnerabilities.
  • Sniffing: aka eavesdropping – attackers monitor traffic on the network for data such as plaintext passwords or configuration information.
  • Spoofing: ▇▇▇▇▇▇▇▇▇ uses a fake source address that does not represent the actual address of the packet. Spoofing may be used to hide the original source of an attack or to work around network access control lists (ACLs) that are in place to limit host access based on source address rules.
  • Session Hijacking
  • Denial of Service

2. Host Threats: Host threats are directed at the system software upon which your applications are built. This includes Windows 2000, Microsoft Windows Server 2003, Internet Information Services (IIS), the .NET Framework, and SQL Server depending upon the specific server role. Top host level threats include:
  • Viruses, Trojan horses, and worms
  • Foot printing
  • Profiling
  • Password cracking
  • Denial of service
  • Arbitrary code execution
  • Unauthorized access

3. Input Validation Threats: Attackers deliberately feed malformed input into an application to compromise it. The following attacks exploit poor input validation:...

Related to Web Security Audit / Assessment

  • Security Assessment If Accenture reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under the Agreement, then Accenture will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit Accenture, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to the Agreement; and (iii) timely complete a security questionnaire from Accenture on a periodic basis upon Accenture’s request. Security issues identified by Accenture will be assigned risk ratings and an agreed-to timeframe to remediate. Supplier will remediate all the security issues identified within the agreed to timeframes. Upon Supplier’s failure to remediate any high or medium rated security issues within the stated timeframes, Accenture may terminate the Agreement in accordance with Section 8 above.

  • Security Audit Customer agrees that PROS’ Audit Report will be used to satisfy any audit or inspection requests by or on behalf of Customer, and PROS will make Audit Reports available to Customer upon request. PROS will promptly remediate any material weaknesses or significant control deficiencies identified in any Audit Reports. In the event that an audit opinion is qualified and the qualification has not been remediated by the date of the Audit Report, PROS shall (i) provide Customer with PROS remediation plan; and (ii) execute such plan in accordance with its terms.

  • Security Audits Each Contract Year, County may perform or have performed security reviews and testing based on an IT infrastructure review plan. Such testing shall ensure all pertinent County security standards as well as any customer agency requirements, such as federal tax requirements or HIPAA.

  • Diagnostic Assessment 6.3.1 Boards shall provide a list of pre-approved assessment tools consistent with their Board improvement plan for student achievement and which is compliant with Ministry of Education PPM (PPM 155: Diagnostic Assessment in Support of Student Learning, date of issue January 7, 2013). 6.3.2 Teachers shall use their professional judgment to determine which assessment and/or evaluation tool(s) from the Board list of preapproved assessment tools is applicable, for which student(s), as well as the frequency and timing of the tool. In order to inform their instruction, teachers must utilize diagnostic assessment during the school year.

  • Security Assessments Upon advance written notice by the JBE, Contractor agrees that the JBE shall have reasonable access to Contractor’s operational documentation, records, logs, and databases that relate to data security and the Contractor’s Information Security Program. Upon the JBE’s request, Contractor shall, at its expense, perform, or cause to have performed an assessment of Contractor’s compliance with its privacy and data security obligations. Contractor shall provide to the JBE the results, including any findings and recommendations made by Contractor’s assessors, of such assessment, and, at its expense, take any corrective actions.