Educause Security Discussion mailing list archives
Web application security assessment
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 25 Apr 2007 09:22:52 -0400
Hi, We're getting ready to expose our new Oracle/Campus EAI based portal to the Internet. Due to the newness of the environment and its potential integration with critical campus information and infrastructure resources, we're considering the procurement of an independent security assessment of the applications, architecture, implementation, and integration methods. We've been considering a pen-test engagement. We don't want to go through the discovery and reconnaissance phase. We want to fully disclose the architecture and let the vendor spend their time assessing it rather than discovering it. We certainly want more than automated vulnerability scanning. Has anyone been in a similar situation? What did you do? Who did you hire? What were the approximate costs? -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Web application security assessment Gary Flynn (Apr 25)
- <Possible follow-ups>
- Re: Web application security assessment Chris Bennett (Apr 25)
- Re: Web application security assessment St Clair, Jim (Apr 25)