Application Development Clause Samples

Application Development. A. Where applicable, Contractor shall have a comprehensive secure development lifecycle System in place consistent with industry standard best practices, including policies, training, audits, testing, emergency updates, proactive management, and regular updates to the secure development lifecycle System itself. B. Where applicable, Contractor must review and test all application code for security weaknesses and backdoors prior to deployment with DOE. All high‐risk findings and exploitable vulnerabilities must be resolved before the Application is released. A development manager of Contractor must certify in writing to the DOE that a security review has been conducted and that all risks are acceptable before every release. For further information, please refer to National Institute of Standards and Technology (“NIST”) Special Publication 800‐64 Revision 2. C. Contractors that handle Protected Information must respond to and resolve security‐related reports, inquiries and incidents in a timely and professional manner. The Contractor must notify the DOE within 24 hours of when Contractor becomes aware of any such incident or suspected incident that poses a potential risk to the Protected Information. The Contractor shall send the notification to ▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇.▇▇▇.
Application Development. Application developers must ensure that their programs contain the following security precautions: 1. Applications must support authentication of individual users, not groups. 2. Applications must not store passwords in clear text or in any easily reversible form. 3. Applications must not transmit passwords in clear text over the network. 4. Applications must provide for some sort of role management, such that one user can take over the functions of another without having to know the other's password.
Application Development. The application and associated databases must validate all input fields for positive and negative bounds defined. • Implement safeguards against attacks (e.g., sniffing, password cracking, defacing, backdoor exploits) • Protect the data by using a least privilege and a defense-in-depth layered strategy to compartmentalize the data. • Handle errors and faults by always failing securely without providing non-essential information during error handling. • Log data to support general troubleshooting, success and failure of audit trail investigative requirements, and regulatory requirements, with support for centralized monitoring where appropriate. • Built-in security controls – built-in access controls, security auditing features, fail-over features, etc. • Prevent buffer overflows. • Avoid arithmetic errors. • Implement an error handling scheme. Error messages should not provide information that could be used to gain unauthorized access. • Test data used during development must be non-production simulated data. • Implement protocols (TCP/IP, HTTP, etc.) without deviation from standards.
Application Development. Data exports; Maintenance plans Inc. Data Cleansing; Configuration Management; Change Management; Release Management; Problem Management; Process Design; forms; documents; templates; alerts; optional settings; tray management.
Application Development. Contractor agrees that it will not engage in any application development without or until it has demonstrated compliance with the provisions of these General Conditions and Exhibit B and Exhibit C.
Application Development. Contractor must utilize State technology stack to complete development. 1. Development for RMA or mobile friendly web application 2. Develop and implement web services or other data access tools necessary to accurately, efficiently, and securely access and/or update approved State agency data. 3. Unit, integration, and usability testing for RMA or mobile friendly web application. 4. All source code must be provided to the State and will be owned by the State for modification, enhancement, and maintenance. • Documented source code. • Additional deliverables to be defined in the Statement of Work. • Complete self-assessment for ADA compliance. High-level acceptance criteria for Document Deliverables and Software Deliverables are listed in Section 1.501. • Review and verification of compliance with the Section 508 of the Rehabilitation Act (29 U.S.C. 794d) as amended by the Workforce Investment Act of 1998, specifically Web Content Accessibility Guidelines (WCAG) 2.0AA. WCAG. • Delivery of working source code • Verification of all IT tools necessary for production implementation and support of RMA or mobile friendly web applications are listed on the attached Enterprise Architecture Solution Assessment or approved through the MCOE. • Verification of adherence to DTMB standards for technology tools, security, user experience, branding, testing, and deployment of RMA and mobile friendly web applications. • Specific acceptance criteria to be outlined in each SOW.
Application Development a. Stack provides software as a solution. In developing the software provided as the Service, Stack shall adopt secure coding practices that address at a minimum the Open Web Application Security Project (OWASP) top ten vulnerabilities. b. Stack will have documented policies and/or processes identifying where security checks, and the associated methods, are applied throughout the development lifecycle. c. Stack will ensure that logs of activities on customer interfaces (for example but not limited to web server and database logs) and IT admin activity logs, both at server and GUI level, are logged remotely from the servers themselves (if the Service is hosted on Stack’s third-party provider system). The logs will be retained as per ▇▇▇▇▇’s retention policies. d. At least annually, Stack shall, at its own cost, undertake an independent application and/or infrastructure penetration testing of Services provided to the Customer Group Company using an internationally recognised methodology such as OWASP. Evidence of independent testing can be provided, if requested in writing. e. Vulnerability scans shall be performed at least quarterly. Stack shall install (a) critical security patches within thirty (30) days of the vendor’s release date; and (b) non-critical security patches within ninety (90) days of the vendor’s release date.
Application Development. The application and associated databases must validate all input. ▪ Implement safeguards against attacks (e.g. sniffing, password cracking, defacing, backdoor exploits) ▪ Protect the data by using a least privilege and a defense-in-depth layered strategy to compartmentalize the data. ▪ Handle errors and faults by always failing securely without providing non-essential information during error handling. ▪ Log data to support general troubleshooting, audit trail investigative requirements, and regulatory requirements, with support for centralized monitoring where appropriate. ▪ Built-in security controls – built-in access controls, security auditing features, fail-over features, etc. ▪ Prevent buffer overflows. ▪ Avoid arithmetic errors. ▪ Implement an error handling scheme. Error messages should not provide information that could be used to gain unauthorized access. ▪ Test data used during development must be non-production simulated data. ▪ Implement protocols (TCP/IP, HTTP, etc.) without deviation from standards.
Application Development. Application Development is the development of new applications which may be server, network-based, cloud-based, web-based or a combination and may require interfaces to existing applications. Application Maintenance and Support includes troubleshooting, modifying, maintaining, improving security, and enhancing legacy systems and applications which may be running in a production environment. Examples may include: Designing, developing, and deploying custom software applications to meet our specific business needs. Creating user-friendly interfaces and intuitive user experiences. Ensuring scalability, performance, and security of the applications. Utilizing modern development frameworks and technologies. Enhancing and maintaining existing applications to meet evolving business needs. Conducting thorough testing, debugging, and documentation of applications.
Application Development. Application Development is the development of new applications which may be server, network-based, cloud-based, web-based or a combination and may require interfaces to existing applications. Application Maintenance and Support includes troubleshooting, modifying, maintaining, improving security, and enhancing legacy systems and applications which may be running in a production environment. Examples may include: • Designing, developing, and deploying custom software applications to meet our specific business needs. • Creating user-friendly interfaces and intuitive user experiences. • Ensuring scalability, performance, and security of the applications. • Utilizing modern development frameworks and technologies. • Enhancing and maintaining existing applications to meet evolving business needs. • Conducting thorough testing, debugging, and documentation of applications. Application Maintenance and Support – Application Maintenance and Support includes troubleshooting, modifying, maintaining, improving security, and enhancing legacy systems and applications which may be running in a production environment. Examples may include: • Providing ongoing maintenance and support services for our existing applications. • Conducting regular monitoring and enhancements to ensure optimal performance. • Offering timely response and resolution to reported issues and incidents. • Performing routine updates, bug fixes, and troubleshooting. • Ensuring the availability, responsiveness, performance, and security of applications. • Applying industry best practices and proactive measures to minimize downtime.