Specifications include, but are not limited to: A comprehensive code review of the site-specific extensions (approximately 50,000 lines of code) which includes scanning through static computer-aided testing tools, as well as manual review of code sections and validation of bugs against known attacks. Code will be reviewed to ensure that all data stored within ATLAS is properly protected, as well as the access methods to add, delete or modify that data. As part of this review, manual and automated scan processes will be used to identify the following vulnerability categories: Input validation Authentication and session management Access control Security misconfiguration Use of secure cookies for session management Injection Cross-Site Scripting Cross-Site Request Forgery Configuration management Sensitive Data Exposure Underprotected Application Programming Interfaces
