Information Technology Services at The University of Iowa

Web Application Security Best Practices

Data stolen from university databases and web applications has become a frequent news headline in recent years. Well over 900,000 people have had personal information or their Social Security numbers stolen from various universities in the last few months. Web applications are constantly probed for vulnerabilities with SQL injection, cross-site scripting and many other types of attacks. Are your applications secure enough? Even if you think they are, it's a good time to test applications, update third-party apps, review source code, and examine server logs for evidence of new vulnerabilities.

Web Security Best Practices:

  • Regularly test web applications for vulnerabilities
  • Limit SQL account privileges
  • Show sanitized error messages which don't reveal sensitive information
  • Normalize input; this makes filtering more effective by limiting analysis to a specific character set
  • Review logs regularly
  • Purge sensitive data as soon as possible
  • Ask the security office to assess your web application security
  • Implement additional filtering with the mod_security or urlscan server modules
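
The input-normalization practice above, as an added example (not code from the original page): input is reduced to one canonical form before an allowlist is applied, so encoded variants of the same character are judged identically. The "username" field, its pattern, the decode limit and the sample inputs are assumptions constructed for illustration.

```python
import re
import unicodedata
from typing import Optional
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: deeper nesting is treated as hostile

# Allowlist for a hypothetical "username" field, applied after normalization.
USERNAME_OK = re.compile(r"[a-z0-9_.-]{1,32}")


def normalize(raw: str) -> str:
    """Reduce input to one canonical form: percent-decoded, NFKC, lowercase."""
    value = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:      # stable: nothing left to decode
            break
        value = decoded
    else:
        raise ValueError("still percent-encoded after max decode rounds")
    # NFKC folds compatibility forms (e.g. fullwidth characters) to plain ones.
    return unicodedata.normalize("NFKC", value).strip().lower()


def validate_username(raw: str) -> Optional[str]:
    """Return the canonical username, or None if the input is rejected."""
    try:
        value = normalize(raw)
    except ValueError:
        return None
    return value if USERNAME_OK.fullmatch(value) else None


def raw_filter(raw: str) -> bool:
    """For contrast: a check on un-normalized input sees only literal characters."""
    return not any(ch in raw for ch in "'\"<>")


if __name__ == "__main__":
    # Constructed sample inputs
    samples = ["j.doe_42", "Al%69ce ", "bob%2527--", "\uff1cb\uff1e", "a%25252527"]
    for s in samples:
        print(f"{s!r:16} raw_filter={raw_filter(s)!s:5} validated={validate_username(s)!r}")
```

The check on raw input passes the encoded and fullwidth samples because it never sees the characters they decode to; the normalized allowlist rejects them.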
