Difference between revisions of "Web Application Security"
Moskalenko (talk | contribs) |
Moskalenko (talk | contribs) |
||
Line 9: | Line 9: | ||
All web applications developed and running in pubapps require maintenance because security requirements are not static and the necessary security updates may necessitate either of | All web applications developed and running in pubapps require maintenance because security requirements are not static and the necessary security updates may necessitate either of | ||
− | * updating application code if a vulnerability is discovered in | + | * updating application code if a vulnerability is discovered in an application hosted in PUBAPPS. |
− | * updating the framework an application is using if a vulnerability is discovered in the framework version used by a | + | * updating the framework an application is using if a vulnerability is discovered in the framework version used by a PUBAPPS application. |
* Updating application code if the system package(s) were upgraded in the normal course of system maintenance whether due to a security vulnerability in the package or because of a dependency. | * Updating application code if the system package(s) were upgraded in the normal course of system maintenance whether due to a security vulnerability in the package or because of a dependency. | ||
Revision as of 18:51, 18 July 2024
Back to Web_Application_Hosting
Security Practices
All web applications developed and running on the PUBAPPS web hosting infrastructure must adhere to the OWASP web security testing guidelines summarized in the OWASP Checklist and especially the top ten vulnerabilities. It is the responsibility of a project using PUBAPPS to follow the OWASP guidelines. All web applications are subject to security scanning by UFIT Security and a takedown (immediate to delayed depending on the severity of the issue) with appropriate notification of the project group's sponsor.
Application Maintenance
All web applications developed and running in pubapps require maintenance because security requirements are not static and the necessary security updates may necessitate either of
- updating application code if a vulnerability is discovered in an application hosted in PUBAPPS.
- updating the framework an application is using if a vulnerability is discovered in the framework version used by a PUBAPPS application.
- Updating application code if the system package(s) were upgraded in the normal course of system maintenance whether due to a security vulnerability in the package or because of a dependency.
It is the responsibility of a project hosting application(s) no PUBAPPS to update their application code and or dependencies in response to security vulnerabilities. All applications that are not updated within the timeframe stated in the notification are subject to a takedown.
Please contact UFIT RC Support] if you have any questions or concerns in regards to application(s) hosted in PUBAPPS.