Vulnerability Scanning Sample Clauses
The Vulnerability Scanning clause requires regular assessment of systems or software to identify security weaknesses or vulnerabilities. Typically, this involves scheduled scans using automated tools, with the results reviewed and addressed by the responsible party to mitigate potential risks. This clause ensures that security threats are proactively detected and managed, reducing the likelihood of data breaches or system compromises.
Vulnerability Scanning. The identified appliances / services will be used to attempt to exploit weaknesses in the client’s infrastructure. Building upon what was mapped, Provider attempts to exploit identified vulnerabilities. Examples include:
• SNMP Scanning – Captures both the physical and logical construct of the device.
• Operating System Scanning – Identifies the target’s operating system in order to tailor applicable and specific attacks for that platform.
1. Windows XP
2. Windows 7
3. Linux Red Hat
4. Apple OS X
5. Windows Server 2003 / 2008
6. Windows Active Directory - The Windows AD environment is a key component of this assessment since it controls the entire enterprise’s communications and authentication infrastructure. The key elements are:
o DHCP
o DNS
o Tree / ▇▇▇▇▇▇▇ evaluation
o Business Unit structure
o Others
CUSTOMER NAME Page 5 of 14 Last Revised 9/18/2018 DIR-TSO-4173 Appendix D – Service Agreement
• Application Scanning – Examines the running services found on that device including:
1. Windows Internet Information Services (web server).
2. Apache web server.
3. PHP scripting.
4. P’s OpenView management application.
5. Broken SSL vulnerabilities.
Vulnerability Scanning. Coinbase employs security best practices to ensure that the Services are secured, updates to its primary services do not introduce new vulnerabilities, and that new services have been sufficiently analyzed for and defended from potential vulnerabilities. Coinbase supplements its day-to-day security practices, including architecture reviews, with regular vulnerability assessments and audits, including (1) automated scans of all code and applications where possible to identify vulnerabilities before ever being introduced to Coinbase’s environment; (2) once services are deployed, implementing continuous monitoring to promptly assess and react to any potential vulnerabilities; and (3) regular evaluation by independent third parties. Critical software patches are evaluated, tested and applied proactively.
Penetration Testing. Coinbase performs penetration tests and engages independent third-party entities to conduct application-level penetration tests on an annual basis at minimum. Results of penetration tests are prioritized, triaged, and remediated promptly by Coinbase’s security team according to established SLAs.
Vulnerability Scanning. Alteryx maintains a vulnerability management program and performs regular vulnerability scanning against services and key infrastructure utilizing industry standard tools or well-known external suppliers.
Vulnerability Scanning. Service vulnerability audits must be conducted with reference to the results of the port/protocol scans and the network design. The audit should detail:
• Low, medium and high risk vulnerabilities so that a risk assessment can be made and fixes implemented where necessary
• List any mitigations to medium and high risk.
Vulnerability Scanning. Both parties shall:
Vulnerability Scanning. Provides monthly vulnerability assessment and intrusion detection.
Vulnerability Scanning. 12.10.1 Envestnet shall allow Fidelity, or its designee, to perform annual network security vulnerability assessments (including non-intrusive security scans) on any Envestnet internet facing web server that hosts or provides access to any Fidelity Confidential Information. Prior to performing any non-intrusive security scan, Fidelity will provide Envestnet with the date and time of the scan and the IP addresses from which the scan will originate.
12.10.2 Envestnet will be given access to a report regarding the scan results. Envestnet shall provide Fidelity with a written action plan to address concerns resulting from the regular network security vulnerability assessments based upon the following schedule:
High risk: 0 – 10 days
Medium risk: 0 – 30 days
Low risk: actions shall be agreed upon by both parties
Vulnerability Scanning. Supplier will provide a platform to allow Customer to run automated Vulnerability Scans of the most common ports with the option to customise to Customer’s requirements, to assess systems or applications for known security flaws and weaknesses. Supplier will provide threats that can be managed, allocated, assigned and risks accepted via ▇▇▇▇▇▇▇.▇▇▇ in addition to actionable remediation advice. The service will allow Customer to identify assets that are prone to attacks. Customer will define the scope of the automated scans and take measures to patch or remediate the threats as provided by Supplier’s automated process.
Vulnerability Scanning. 13. Is vulnerability scanning of your development environments that will interface with Motricity a regular and ongoing process? Briefly describe the process, and provide the names of vulnerability testing tools used. ***. We are using *** as our IDS and IPS. Details about *** as a system are available on the link provided. Please refer to Section 4.10 of Appendix for our IDS/IPS management policy.
Vulnerability Scanning. 1.21.4.1 The EC system shall be scanned for vulnerabilities prior to delivery. The EC system shall be scanned using NESSUS or equivalent. The EC system shall be scanned for vulnerabilities using the most recently released signatures.
1.21.4.2 The signatures used for scanning shall be less than 10 calendar days old at the time of scanning. The date of signatures used for each scan shall be provided along with the scan results. The name or reference number for the signatures used for each scan shall be provided along with the scan results. The vulnerability scan report shall be encrypted and provided to the Government.
1.21.4.3 The EC system shall be remediated for any vulnerabilities discovered during scanning in accordance with National Security Agency Guidance for Addressing Malicious Code Risk dated 10 September 2007. The EC system shall be remediated for any vulnerabilities discovered during scanning before delivery. CDRLs: C010, C014
