Educause Security Discussion mailing list archives
Re: Web application security scanners
From: "Lovaas,Steven R" <Steven.Lovaas () COLOSTATE EDU>
Date: Thu, 18 Jan 2007 19:51:27 -0700
Our goals are twofold: 1) First, scan existing applications to cover our bases for compliance and to teach us more about how our coding has been done in the past (and fix the glaring errors). 2) Use what we learn in #1 to change the climate of how people develop web apps. I predict that will take the form of some workshops/classes at the very least, as well as perhaps a new focus on secure coding in professional development and even in hiring. Steve Lovaas Colorado State University ________________________________________ From: Chris Green [cmgreen () UAB EDU] Sent: Thursday, January 18, 2007 7:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Web application security scanners What are you all doing for training these developers? Are you auditing applications and then working backwards towards training them how to write applications? I really want something like a "webapp attacks for developers" class.
-----Original Message----- From: Lovaas,Steven R [mailto:Steven.Lovaas () COLOSTATE EDU] Sent: Thursday, January 18, 2007 5:34 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Web application security scanners We're taking a serious look at Watchfire's AppScan...
Current thread:
- Web application security scanners Brad Judy (Jan 18)
- <Possible follow-ups>
- Re: Web application security scanners Steve Brukbacher (Jan 18)
- Re: Web application security scanners Lovaas,Steven R (Jan 18)
- Re: Web application security scanners Chris Green (Jan 18)
- Re: Web application security scanners Lovaas,Steven R (Jan 18)