Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Policies on security for custom-developed web apps
I recently talked web application security with one of my guys. He would like a clear policy.
Right now, I have no prescriptive policy, just guidance that the developer must be well-educated in general security practices and be prepared to apply them as needed. On the training end, I’ve recently had my team sit down for a series of web application security videos over Pluralsight.
I also have some well-understood general expectations, like the application must use HTTPS or other secured connections if anything sensitive is transmitted. Outside that, given the wide variety of situations—application types, functionality, scenarios, other systems they work with, etc.—I cannot imagine a clean prescriptive policy.
How have you approached this?
Aren Cambre, '99, '03