All website and application developers are required to follow university security standards and policies, which are overseen by the Chief Information Officer and the Information Security Office (ISO).
Developers are expected to follow secure coding best practices when developing solutions and to actively practice and participate in the maintenance of the secure coding best practices. Developers are encouraged to work with ISO to ensure that all university-built or third-party applications are scanned or vetted by ISO before being implemented into the university’s IT resource landscape.
Secure Web Application Coding Guidelines
The secure Web application coding guidelines are a checklist that contains best practices and design guidelines and is intended to be a concise reference document for developers. Developers should also refer to the Minimum Security Standards for Application Development and Administration.
Tools for Securing Your Departmental Systems
The Information Security Office (ISO) provides a list of tools for securing departmental systems that serves as a resource for campus IT administrators to secure departmental systems and applications.
Information Security Office
The Information Security Office (ISO) provides information on how developers can secure computer systems, websites and applications and how members of the community can protect the university’s information technology resources. ISO regularly scans websites for vulnerabilities and will restrict access to insecure sites until vulnerabilities are remedied. ISO also consults with developers on secure coding best practices and reviews third-party tools to ensure that they meet the university’s policies.