Educause Security Discussion mailing list archives

Re: Web application security scanners


From: "Lovaas,Steven R" <Steven.Lovaas () COLOSTATE EDU>
Date: Thu, 18 Jan 2007 19:51:27 -0700

Our goals are twofold:

1) First, scan existing applications to cover our bases for compliance and to teach us more about how our coding has 
been done in the past (and fix the glaring errors).

2) Use what we learn in #1 to change the climate of how people develop web apps. I predict that will take the form of 
some workshops/classes at the very least, as well as perhaps a new focus on secure coding in professional development 
and even in hiring.

Steve Lovaas
Colorado State University

________________________________________
From: Chris Green [cmgreen () UAB EDU]
Sent: Thursday, January 18, 2007 7:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Web application security scanners

What are you all doing for training these developers?  Are you auditing
applications and then working backwards towards training them how to
write applications?

I really want something like a "webapp attacks for developers" class.

-----Original Message-----
From: Lovaas,Steven R [mailto:Steven.Lovaas () COLOSTATE EDU]
Sent: Thursday, January 18, 2007 5:34 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Web application security scanners

We're taking a serious look at Watchfire's AppScan...
