Application Development. The application and associated databases must validate all input fields for positive and negative bounds defined.
• Implement safeguards against attacks (e.g., sniffing, password cracking, defacing, backdoor exploits)
• Protect the data by using a least privilege and a defense-in-depth layered strategy to compartmentalize the data.
• Handle errors and faults by always failing securely without providing non-essential information during error handling.
• Log data to support general troubleshooting, success and failure of audit trail investigative requirements, and regulatory requirements, with support for centralized monitoring where appropriate.
• Built-in security controls – built-in access controls, security auditing features, fail-over features, etc.
• Prevent buffer overflows.
• Avoid arithmetic errors.
• Implement an error handling scheme. Error messages should not provide information that could be used to gain unauthorized access.
• Test data used during development must be non-production simulated data.
• Implement protocols (TCP/IP, HTTP, etc.) without deviation from standards.
Appears in 2 contracts
Sources: Data Processing and Security Agreement, Data Processing and Security Agreement