The Information Security Office has outlined vital recommendations to enhance the security of ASU web domains. Key actions include implementing secure socket layer (SSL) logins for sites lacking digital certificates, centralizing digital certificate management, and cleaning up outdated websites. Departments are urged to improve their website management and to ensure that academic freedom is balanced with oversight. A thorough scan for security risks and a clear inventory of site ownership are critical for safeguarding the university's overall digital presence. Collaboration with department owners to resolve security issues is essential.
Web Application Security
UTO Information Security Office
Aug 25, 2010, Rev 1
Overall recommendations
• Under the direction of the Information Security Office:
• Resolve lack of secure socket layer logins and missing digital security certificates on asu.edu academic and administrative sites
• Secure them AND move to centralized digital certificates managed by UTO
• Clean up old sites
• Identify owners of remaining sites
• All Departments to increase management of their web presence on the asu.edu domain
Websites on asu.edu
• Balance academic freedom with volume control for new sites
• Purge obsolete sites
• Scan for security risks
• Continue to improve inventory list
• OWNER identification is critical
Lack of Secure Socket Layer Login
• There are a number of sites on asu.edu with login pages that lack a secure socket layer and/or valid digital certificate.
• We have identified owners or email contacts for these sites, and will be working with said owners to secure the logins.
• 70% are Academic web pages (College Departments, Faculty, Students)
• 25% are Administrative dept web sites/pages.
• 2.5% are Services intended for the general public
• 2.5% redirect to external sites
• TAG members assisting departments
Non-SSL Websites
• The Departments or Colleges that own the sites: