Educause Security Discussion mailing list archives
Re: Web site development and security
From: Kathy Bergsma <kathya () NERSP NERDC UFL EDU>
Date: Fri, 19 Nov 2004 14:36:55 -0500
We wrote these secure coding guidelines last year. They have been well received at UF. http://www.it.ufl.edu/policies/security/guidelines-app-dev.html ============= Kathy Bergsma UF Information Security Manager 352-392-2061 On Fri, 19 Nov 2004, Theresa M Rowe wrote:
We recently completed a security audit. A recommendation in the audit was to "Establish a best-practice in software development to develop secure and quality web applications." In detail, we are finding many of our departments are developing their own web sites using MS-Access, My SQL, or SQL Server databases as back-ends. Some of these might contain sensitive data and may not be secure or might be susceptible to package weaknesses (like the recent SQL Injection problem). Do any of you have development standards that address security issues around this type of development (that you could share)? Thanks in advance - Theresa Rowe Assistant Vice President University Technology Services www.oakland.edu/uts - the latest news from University Technology Services ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Web site development and security Theresa M Rowe (Nov 19)
- <Possible follow-ups>
- Re: Web site development and security Kathy Bergsma (Nov 19)
- Re: Web site development and security Gene Spafford (Nov 19)