Wednesday, September 17, 2008

BE Aware, BE Informed, BE...

September 11, 2008

Due to a recent security breach at a state agency, I want to remind you that hackers are increasingly focusing their attention on applications rather than networks. Web sites created in an insecure manner are an easy way for hackers to access your agency’s resources. I’d like to point you to a few resources that discuss best practices for secure web page creation.

The SANS Institute offers newsletters that can let you know about current web vulnerabilities. You can subscribe to their newsletters by going to www.sans.org. Here’s a paper in the SANS Reading Room on web application security: http://www.sans.org/reading_room/whitepapers/application/2053.php

In addition, the Open Web Application Security Project (OWASP) has a website with lots of information on web application security: http://www.owasp.org/index.php/Main_Page

13 Ways to Get Your Developers on Board with Software Security

http://h71028.www7.hp.com/ERC/cache/571090-0-0-0-121.html&ERL=true

It’s a good idea to have an application security scan performed on your websites. Application security scanners look for issues such as cross-site scripting and SQL injection attacks. If you need assistance with application security scans for your agency, please contact me.
Thank you,

Kym Patterson
Chief Security Officer
