Web site development and security

[Theresa M Rowe <rowe () OAKLAND EDU>]

We recently completed a security audit.  A recommendation in
the audit was to "Establish a best-practice in software
development to develop secure and quality web applications."

In detail, we are finding many of our departments are
developing their own web sites using MS-Access, My SQL, or
SQL Server databases as back-ends.  Some of these might
contain sensitive data and may not be secure or might be
susceptible to package weaknesses (like the recent SQL
Injection problem).

Do any of you have development standards that address
security issues around this type of development (that you
could share)?

Thanks in advance -
Theresa Rowe
Assistant Vice President
University Technology Services
www.oakland.edu/uts - the latest news from University Technology Services

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.