General Description
Purpose:
To maintain the integrity and security of web applications, CSUB uses a web scan application. This tool can scan applications for a multitude of potential breach points, such as SQL injection, cross-site scripting, web security, and directory traversal, to name a few. Web application scan tools are very aggressive and perform a scan similar to an actual attack. It is therefore imperative that the system to be scanned be in a non-production environment.
Implements: Audit Report 14-52, Audit Finding #9 Web Maintenance and Security
Policy/Procedure
Web Maintenance and Security Policy
Campus must perform a vulnerability scan on websites before the website is placed into production, and regularly thereafter.
Acknowledgement
A special thank you to the Information Security Work Group (ISWG), which is responsible for assisting the University Information Security Officer with developing and issuing information security policies, procedures, and standards to the campus community. The ISWG includes Kal Shenoy, Sue Rivera, Chris Diniz, Mike Fleming, Joe Nailor, Kenton Miller, Tem Moore, Brian Chen, and Don David.