Application Security. The ISP will require that in-house application development be governed by a documented secure software development life cycle methodology, which will include deployment rules for new applications and changes to existing applications in live production environments.
Application Security. Zoom must have an established software development lifecycle for the purpose of defining, acquiring, developing, enhancing, modifying, testing or implementing information systems. Zoom must ensure that web-based and mobile applications used to store, receive, send, control or access Customer Data are monitored, controlled and protected.
Application Security. The software development for the Medallia Experience Cloud follows a secure lifecycle, including source code management and appropriate reviews.
Application Security. Contractor must maintain and support its software and subsequent upgrades, updates, patches, and bug fixes such that the software is, and remains secure from known vulnerabilities.
Application Security. ● The Hubilo development team is trained on OWASP Secure Coding Practices and uses industry best practices for building secure applications. · The Hubilo security team conducts Whitebox testing on each code release and they also do Blackbox testing on third-party software to mitigate risk. Apart from this Hubilo also performs code scanning using Sonarqube in QA environment. Hubilo Security team uses Burp Suite Professional software to test for all vulnerabilities from time to time as per Hubilo policies and procedures. ● Hubilo code is stored in a code repository system hosted by our cloud data centre provider. Hubilo adopts a strict, least access privileges principle for access to the code. Commits to production code are strictly reviewed, and approval is restricted to just CTO/Sr. VP of Engineering / Lead-DevOps, (after passing Unit Testing and QA in Test and Staging). ● The data stored on production servers is accessible only to the CTO/Sr. VP of Engineering/ Lead-DevOps of the org. No other workforce member of Hubilo has access to customer data unless access permission is granted by the CTO/Sr. VP of Engineering to resolve any technical issue or for debugging. ● The Hubilo production environment is logically segregated from the staging and development environment with concepts of virtual private cloud and subnets. There is an hourly backup of the database data at secured cloud storage of cloud service provider (AWS). ● Connection to the Hubilo web-app via HTTPS by using the latest version of Transport Layer Socket (TLS) like TLS 1.2+ and above.
Application Security. Reveal uses Xxxxxx.xxx to detect and block in real time attacks such as XSS, SQL Injections, Identity Theft etc. We also use Cloudflare to protect our services from Distributed Denial of Service (DDoS) attacks.
Application Security. Access between secured and unsecured portions of the system will not be performed by CGI scripts. All user input and data, including URL name-value arguments, will be checked for its appropriateness based on its format, size and validity. All outside data requests (i.e., http/https requests) are allowed in a specified, controlled format which is processed by Envestnet according to prescribed procedures and the request results are then sent back to the outside party. The principal servers used by Envestnet shall not have the ability to remotely execute arbitrary outside requests, except for remote management performed over an encrypted, authenticated VPN.
Application Security. Provider must ensure that applications available as a service via the cloud are secure by implementing testing and acceptance procedures for outsourced or packaged application code. It also requires application security measures be in place in the production environment. Please provide details of these controls.
Application Security. Druva shall at all times develop, provide, maintain and support Cloud Services and the Software and subsequent updates, upgrades and bug fixes such that the Cloud Services and the Software remain secure from those vulnerabilities as described in The Open Web Application Security Project's (OWASP) "Top Ten Project" and other generally recognized and comparable web application security standards.
Application Security. EBSCO employs Next Generation and Application Firewall technologies to mitigate the latest threat and attack vectors such as: • Zero Day exploits • Web application attacks (OWASP Top10) • “Brute Force” and “Low and Slow” attacks • Content scraping/harvesting • Phishing/Spear Phishing • Botnet/SpamBot activity • Known malicious sources/actors EBSCO leverages these technologies coupled with commercial threat intelligence feeds to create a comprehensive solution to detect and mitigate targeted application attacks before they have a chance for success. Logical System Access EBSCO has controls and practices to protect the security of customer information and employees. EBSCO maintains detailed logical access control security. Group access is used to grant employees access based upon their assigned function and job responsibility. Each system user is assigned a unique user ID and password, and users are required to enter their current password prior to creating a new password. Media Disposal EBSCO utilizes a combination of internal processes and third-party vendors for media disposal. Destruction is based on the information asset classification and retention requirements. Certificates of destruction are collected, as required, from external third parties. Logging Controls EBSCO’s policies provide that all event logs must be collected and protected from unauthorized access. The viewing of logs occurs only as required. The logs are further protected by a file integrity monitoring system that alerts the IS department of unauthorized access and modification. Personnel Controls EBSCO employees are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. EBSCO will verify an individual’s education and previous employment, and perform internal and external reference checks. Where local laws or statutory regulations permit, EBSCO may also conduct criminal, credit, immigration, and security checks. The extent of background checks is dependent on the desired position. Upon acceptance of employment at EBSCO, all employees are required to execute a confidentiality agreement that documents the receipt of, and compliance with, EBSCO policies. At EBSCO, all employees are responsible for information security. As part of this responsibility, they are tasked with communicating security and privacy issues to designated management in Technology, IS, and/or the CIO. ...
