Educause Security Discussion mailing list archives
Web Application Security Assessment
From: "DiGrazia, Mick A" <mick.digrazia () UCONN EDU>
Date: Wed, 19 Mar 2008 10:57:22 -0400
I would be interested in hearing about your experience with tools to perform web application security assessments. In particular: 1. What product are you using at your institution? 2. After the vendor was selected, how much time was needed to implement the system? 3. What groups were involved in the implementation? Was it just the security area, or were the server, applications, and other groups involved? If they were involved, was their time commitment significant? 4. Whose responsibility is it to perform security assessments? Is it the IT Security Office's role or the web\application developers'? 5. Is there a requirement or policy to assess all applications before moving to production? 6. Has the use of the assessment tools helped to reduce or eliminate incidences related to web applications? Many thanks in advance for your responses. Kind Regards, Mick A. DiGrazia Information Security Analyst University of Connecticut mick.digrazia () uconn edu
Current thread:
- Web Application Security Assessment DiGrazia, Mick A (Mar 19)