SOFTWARE SECURED CAUTUS INC. 1 - 2012
Last modified: 6/19/2014 3:28:40 PM
Creation date: 7/24/2012 1:06:06 PM
Template: Contracts
Company Name: SOFTWARE SECURED CAUTUS INC.
Contract #: N-2012-085
Agency: FINANCE & MANAGEMENT SERVICES
Expiration Date: 12/31/2012
Destruction Year: 2018
Exhibit A
Extranet Security Technical Review
Statement of Services

Background
The City of Santa Ana is implementing an Extranet so that residents and businesses can take advantage of on-line services as they become available. This is the first time that the City is exposing internal systems to external access by non-employee Internet users. The Inspection Scheduling application is the first to be implemented. The purpose of this project is to provide a security review of the City's programming code for the Inspection Scheduling application.

Scope
The Vendor is an expert in the field of application programming and infrastructure security. This engagement will include an audit of the City's Inspection Scheduling application utilizing a combination of proprietary and publicly available software tools coupled with a manual review of the application source code.

Objectives
The objectives of this engagement are to ensure that the City understands the nature and severity of any security vulnerabilities in order to assess risk associated with the Extranet; to gain recommendations as to their resolution; and to gain additional internal security expertise through the transfer of knowledge obtained by this engagement.

Services
Vendor will perform a standard security code review of the Inspection Scheduling application, an estimated 10,356 lines of code.
o Scan and audit the source code using Vendor's proprietary static code analysis tools
o Perform a manual code review of high/critical areas of the application based on threat analysis of the application using results from questionnaires completed by application team, runtime/dynamic environment, etc.
o Check the code base against the Vendor's proprietary Application Security Checklist.
o Provide all deliverables under the Deliverables section of this Statement of Services.

Deliverables
No later than 1 week after the audit has been completed, the Vendor will provide all deliverables defined herein:
1. Provide a report similar to the sample report provided in the proposal. The report should be comprised of the following (the sample report is found in Attachment A):
o Project Summary
o Introduction
o Project Scope and Timeline
o Risk Rating Profiler
o Exception Listing Description
o Summary of Findings
o Testing Methodology
o Approach and Scope
o Source Code and Application Environment
o Overview of Application Architecture and Security Controls
o Major Findings by Severity Level