Educause Security Discussion mailing list archives
Re: Web Security - what do you do?
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 7 May 2009 14:47:38 -0400
Karen Stopford wrote:
I don’t think installing a Web Application Firewall is an adequate compensating control for vulnerable code.
Agreed. Appropriate bounds setting, input validation, use of stored procedures, etc. should be a requirement for any in-house or COTS application.
How do you verify the development process and implementation on COTS applications? Have you been able to deny a departmental purchase of an application because it doesn't use stored procedures or because they can't or won't make their development process and implementation details available for inspection?
--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security