Educause Security Discussion mailing list archives

Re: Web Security - what do you do?


From: "Pratt, Benjamin E." <bepratt () STCLOUDSTATE EDU>
Date: Thu, 7 May 2009 07:24:23 -0500

Hello Greg -

At the EDUCAUSE Security Professionals conference in Atlanta a couple of weeks ago we presented on the web application 
firewall(s) that we at SCSU have implemented over the last year. A WAF is a good last line of defense for securing web 
applications but as you said, developer training and the development process should be a major focus.

We have also provided security training for our developers, such as webcasts from Core Security Technologies and 
others, as well as tools, such as w3af and Samurai WTF, for our developers to use while developing applications.

Ben

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg 
Vickers
Sent: Wednesday, May 06, 2009 8:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Web Security - what do you do?

Hi all,

The QUT IT Security Program is undertaking the Web Security project, 
which will review the security of the QUT web presence.  This project 
encompasses our current tools, procedures and practices (including 
development and training approaches).  We will investigate tools that 
could be leveraged to improve the security of the web presence at QUT, 
such as:

* Web server scanning tools,
* Tools to better manage web infrastructure, e.g., cPanel and other web 
host managers,
* Web application development training and certification,
* Other technologies to find web servers with vulnerabilities.

This project is not looking directly at the security of the web servers 
themselves (i.e. operating system level) but at the security of the web 
server applications and the actual web site code.  We would like to know 
what tools, training, standards and developmental activities, etc., 
your University or higher education institution uses in this space.

If further clarification is required, please contact the project manager 
at QUT, Greg Vickers (+61 7 3138 6902), email: g.vickers () qut edu au

Thanks,
-- 
Greg Vickers
Phone: +61 7 3138 6902
IT Security Engineer & Project Manager
Queensland University of Technology, CRICOS No. 00213J
