Application Level Security Clause Samples

The Application Level Security clause establishes requirements and standards for protecting software applications from unauthorized access, data breaches, and other security threats. It typically mandates the implementation of security controls such as authentication, encryption, and regular vulnerability assessments within the application itself. By setting these expectations, the clause helps ensure that applications remain secure against evolving threats, thereby safeguarding sensitive data and maintaining the integrity of the system.
Application Level Security

a. User account passwords are hashed using a secure low-entropy key derivation function, which protects against brute-force attacks.
b. All applications are served exclusively via TLS with a modern configuration.
c. All login pages have brute-force logging and protection.
d. Two-factor authentication is supported and is mandatory for all internal administrator functions of the application.
e. All code changes to our applications require code reviews via an enforced code review process.
f. Automated code and dependency analysis tools are in place to identify emergent security issues.
g. Regular application security penetration tests are conducted by different vendors. These tests include high-level server penetration tests across various parts of our platform (i.e. Dashboard, Designer, Editor, Hosted Sites), as well as security-focused source code reviews.