Educause Security Discussion mailing list archives

Re: Web site development and security

From: Kathy Bergsma <kathya () NERSP NERDC UFL EDU>
Date: Fri, 19 Nov 2004 14:36:55 -0500

We wrote these secure coding guidelines last year.  They have been well
received at UF.

http://www.it.ufl.edu/policies/security/guidelines-app-dev.html

=============
Kathy Bergsma
UF Information Security Manager
352-392-2061

On Fri, 19 Nov 2004, Theresa M Rowe wrote:

We recently completed a security audit.  A recommendation in
the audit was to "Establish a best-practice in software
development to develop secure and quality web applications."

In detail, we are finding many of our departments are
developing their own web sites using MS-Access, My SQL, or
SQL Server databases as back-ends.  Some of these might
contain sensitive data and may not be secure or might be
susceptible to package weaknesses (like the recent SQL
Injection problem).

Do any of you have development standards that address
security issues around this type of development (that you
could share)?

Thanks in advance -
Theresa Rowe
Assistant Vice President
University Technology Services
www.oakland.edu/uts - the latest news from University Technology Services

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Web site development and security Theresa M Rowe (Nov 19)
- <Possible follow-ups>
- Re: Web site development and security Kathy Bergsma (Nov 19)
- Re: Web site development and security Gene Spafford (Nov 19)