Application Security

Risk

As with any software, web applications are imperfect.  Often the code that drives the application fails to prevent users from executing arbitrary code or circumventing controls, putting the system and data on the system at risk.

The MITRE Corporation maintains a database called the Common Weakness Enumeration (CWE). The intent of the database is to define and classify common weaknesses in web application code. This database is an excellent resource for administrators who want to understand the risks associated with developing web application code.

Impact

The consequences of a CWE are expressed as a technical impact as it relates to confidentiality, integrity and availability.  It is necessary for system administrators to measure the consequences of a CWE against the value of the system affected to fully understand the impact, or potential for impact, to McMaster University systems. 

Controls

System administrators should measure application risk before enabling public access to resources. IT Security uses a number of assessment tools that identify web application weaknesses and give system administrators the opportunity to mitigate the risks. For more information, or to schedule a comprehensive assessment of a web application, please contact IT Security at c-it-security@mcmaster.ca.

Recommendations

Perform regular risk assessments:

System Administrators should perform the following risk assessments:

  • Application risk assessment
  • Penetration testing
