I am doing some end-of-year Information protection documentation tasks and need to get some verification of the following,
pertaining to Central Management Console and web report parameter pages for BOE XI (R1):
Vendors should verify in writing that the application has been coded to include transaction support for all updates to the database.
Vendors should verify in writing that the application has been coded to prevent SQL injection attacks.
Vendors should verify in writing that the application has been coded to prevent buffer overruns. - Applications must be written to prevent buffer overruns by validating all input data for length.
If anyone knows of where this stuff is verified, I would appreciate it.
Thanks,
Dan Buegeleisen