Security for Web Applications and Development

Date: 
Wednesday, February 10, 2010

Announcements

  • none

Presentation:Security for Web Applications and Development
Presenter: Kelley Bogart (Information Security Office)

Presentation (PDF format)

Q: Is the training going to be high-level?
A: Yes, i.e., will not describe how to fix vulnerabilities.
Q: When do you anticipate getting to the deeper level?
A: When we have the resources. ISO is only two people.
Comment: What would really help is a way to focus on the most important vulnerabilities.
A: OWASP is getting better at this.
Q: Are you looking at any peer institutions who have a similar training program?
A: Yes. ASU has some online. We are looking at others. OWASP is good for this.
  • The Web Developers training will also be in D2L.
  • Someday there may be one for sysadmins and IT managers.
  • We only have 2 AppScan licenses -- a bottleneck.