Educause Security Discussion mailing list archives
Re: Web Security - what do you do?
From: "Pratt, Benjamin E." <bepratt () STCLOUDSTATE EDU>
Date: Thu, 7 May 2009 07:24:23 -0500
Hello Greg - At the EDUCAUSE Security Professionals conference in Atlanta a couple of weeks ago we presented on the web application firewall(s) that we at SCSU have implemented over the last year. A WAF is a good last line of defense for securing web applications but as you said, developer training and the development process should be a major focus. We have also provided security training for our developers, such as webcasts from Core Security Technologies and others, as well as tools, such as w3af and Samurai WTF, for our developers to use while developing applications. Ben -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Vickers Sent: Wednesday, May 06, 2009 8:25 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Web Security - what do you do? Hi all, The QUT IT Security Program is undertaking the Web Security project, which will review the security of the QUT web presence. This project encompasses our current tools, procedures and practices (including development and training approaches). We will investigate tools that could be leveraged to improve the security of the web presence at QUT, such as: * Web server scanning tools, * Tools to better manage web infrastructure, e.g., cPanel and other web host managers. * Web application development training and certification, * Other technologies to find web servers with vulnerabilities. This project is not looking directly at the security of the web servers themselves, (i.e. operating system level) but at the security of the web server applications and the actual web site code. We would like to know what tools, training, standards and developmental activities, etc, that your University or higher education institution use in this space. If further clarification is required, please contact the project manager at QUT, Greg Vickers (+61 7 3138 6902), email: g.vickers () qut edu au Thanks, -- Greg Vickers Phone: +61 7 3138 6902 IT Security Engineer & Project Manager Queensland University of Technology, CRICOS No. 00213J
Current thread:
- Web Security - what do you do? Greg Vickers (May 06)
- <Possible follow-ups>
- Re: Web Security - what do you do? Pratt, Benjamin E. (May 07)
- Re: Web Security - what do you do? Hugh Burley (May 07)
- Re: Web Security - what do you do? Karen Stopford (May 07)
- Re: Web Security - what do you do? Pace, Guy (May 07)
- Re: Web Security - what do you do? Jason Testart (May 07)
- Re: Web Security - what do you do? Christopher Jones (May 07)
- Re: Web Security - what do you do? Rowe, Ken (May 07)
- Re: Web Security - what do you do? St Clair, Jim (May 07)
- Re: Web Security - what do you do? Gary Flynn (May 07)
- Re: Web Security - what do you do? Paul Keser (May 07)
- Re: Web Security - what do you do? Karen Stopford (May 11)
(Thread continues...)