Penn Information Security: Information for Application Developers


	Wednesday, May 14, 2008

	Security Checklists & Policies
	Secure desktop computing
	Secure servers
	Secure web applications
	Tips for safe computing
	Computing policies

	Email
	Harassment & Forgery
	Hoaxes, frauds & scams
	Spam & Email relays
	Encryption & digital signatures

	More in-depth information for
	Local support providers
	System administrators
	Application developers

	Security initiatives
	Critical host compliance
	Authentication & authorization
	Penn Security & Privacy Assessment (SPIA)

	Related links
	Electronic privacy
	PennKey
	Viruses
	Worms, trojans, backdoors

Information Security resources for Application Developers

Ensure that your web applications follow Penn's security standards.
Make sure that the system administrator of your server has taken steps to see that your server is properly secured.
Ensure that access to your sensitive applications is properly authenticated and authorized.
Subscribe to your operating system vendor and application software vendors' security advisories email list.
Report all critical security incidents to information security.

Web Security Standards: Things to consider in order to limit the risks associated with using web-based applications for sensitive data
SWAT: Penn's Secure Web Application Team - "Top 10 Web Application Security Vulnerabilities"
Securing web pages: an example describing methods that are applicable for an Apache web server
Critical Host policy information for web application developers: The requirements and constraints for attaching and securing a critical computer to PennNet
Critical Host registration
PennKey information for web application developers: things to know about authentication and authorization

Last updated: Friday, July 13, 2007



Information Systems and Computing University of Pennsylvania Comments & Questions