Web Security Audit / Assessment Sample Clauses

Web Security Audit / Assessment. Selected IT Security Audit Agency(ies) shall be responsible for the assessment of the security, vulnerabilities, threats and risks that exist in Website / Web applications of Government of Rajasthan by running Internet Vulnerability Assessment and Penetration Testing Scripts with appropriate usage of testing tools.

RISL Rate Contract for Security Audit of Website(s) / Web Application(s) / portal(s)

All the assessment methodology and testing procedures should be based on Industry best practices and Standards like Open Web Application Security Project (OWASP), SANS top 20, ISO27001 etc. IT Security Audit Agency should check for the below indicative list of potential threats and web attacks to which the Websites/ Web applications/ Portals are vulnerable and shall submit a detailed recommendation report for each identified vulnerability.

Sr. No., Threats category, Potential Threats and definitions:

1. Network Threat: Network infrastructure may be exploited by attacks and intrusions due to poor configuration, weak default installation settings, wide open access controls and devices lacking the latest security patches. This threat may include:

  • Information Gathering: By port scanning, banner grabbing and enumeration, attackers can easily detect device types, operating system and application version, and with this information attackers can easily attack known vulnerabilities.
  • Sniffing: aka eavesdropping – attackers monitor traffic on the network for data such as plaintext passwords or configuration information.
  • Spoofing: An attacker uses a fake source address that does not represent the actual address of the packet. Spoofing may be used to hide the original source of an attack or to work around network access control lists (ACLs) that are in place to limit host access based on source address rules.
  • Session Hijacking
  • Denial of Service

2. Host Threats: Host threats are directed at the system software upon which your applications are built. This includes Windows 2000, Microsoft Windows Server 2003, Internet Information Services (IIS), the .NET Framework, and SQL Server depending upon the specific server role. Top host level threats include:

  • Viruses, Trojan horses, and worms
  • Foot printing
  • Profiling
  • Password cracking
  • Denial of service
  • Arbitrary code execution
  • Unauthorized access

3. Input Validation Threats: Attackers pass deliberately malformed input into the application to compromise it. The following attacks exploit poor input validation:...

Related to Web Security Audit / Assessment

  • Security Assessment If Accenture reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under the Agreement, then Accenture will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit Accenture, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to the Agreement; and (iii) timely complete a security questionnaire from Accenture on a periodic basis upon Accenture’s request. Security issues identified by Accenture will be assigned risk ratings and an agreed-to timeframe to remediate. Supplier will remediate all the security issues identified within the agreed to timeframes. Upon Supplier’s failure to remediate any high or medium rated security issues within the stated timeframes, Accenture may terminate the Agreement in accordance with Section 8 above.

  • Security Audit Customer agrees that PROS’ Audit Report will be used to satisfy any audit or inspection requests by or on behalf of Customer, and PROS will make Audit Reports available to Customer upon request. PROS will promptly remediate any material weaknesses or significant control deficiencies identified in any Audit Reports. In the event that an audit opinion is qualified and the qualification has not been remediated by the date of the Audit Report, PROS shall (i) provide Customer with PROS remediation plan; and (ii) execute such plan in accordance with its terms.

  • Conformity Assessment 1. The Parties recognize that a broad range of mechanisms exists to facilitate the acceptance of conformity assessment procedures and results thereby, including:

  • Security Audits Each Contract Year, County may perform or have performed security reviews and testing based on an IT infrastructure review plan. Such testing shall ensure all pertinent County security standards as well as any customer agency requirements, such as federal tax requirements or HIPAA.

  • Diagnostic Assessment 6.3.1 Boards shall provide a list of pre-approved assessment tools consistent with their Board improvement plan for student achievement and which is compliant with Ministry of Education PPM (PPM 155: Diagnostic Assessment in Support of Student Learning, date of issue January 7, 2013).

  • Project Monitoring Reporting Evaluation A. The Project Implementing Entity shall monitor and evaluate the progress of its activities under the Project and prepare Project Reports in accordance with the provisions of Section 5.08(b) of the General Conditions and on the basis of indicators agreed with the Bank. Each such report shall cover the period of one

  • Security Assessments Upon advance written notice by the JBE, Contractor agrees that the JBE shall have reasonable access to Contractor’s operational documentation, records, logs, and databases that relate to data security and the Contractor’s Information Security Program. Upon the JBE’s request, Contractor shall, at its expense, perform, or cause to have performed an assessment of Contractor’s compliance with its privacy and data security obligations. Contractor shall provide to the JBE the results, including any findings and recommendations made by Contractor’s assessors, of such assessment, and, at its expense, take any corrective actions.

  • Search, Enquiry, Investigation, Examination And Verification a. The Property is sold on an “as is where is basis” subject to all the necessary inspection, search (including but not limited to the status of title), enquiry (including but not limited to the terms of consent to transfer and/or assignment and outstanding charges), investigation, examination and verification of which the Purchaser is already advised to conduct prior to the auction and which the Purchaser warrants to the Assignee has been conducted by the Purchaser’s independent legal advisors at the time of execution of the Memorandum.

  • Benchmarking Report For the purposes of this Framework Schedule 12 “

  • Conformity Assessment Procedures 1. Each Party shall give positive consideration to accepting the results of conformity assessment procedures of other Parties, even where those procedures differ from its own, provided it is satisfied that those procedures offer an assurance of conformity with applicable technical regulations or standards equivalent to its own procedures.
