
Application Security


As with any software, web applications are imperfect.  Often the code that drives the application fails to prevent users from executing arbitrary code or circumventing controls, putting the system and data on the system at risk.

The MITRE Corporation maintains a database called the Common Weakness Enumeration (CWE). The intent of the database is to define and classify common weaknesses in web application code. This database is an excellent resource for administrators seeking to understand the risks associated with developing web application code.


The consequences of a CWE are expressed as a technical impact as it relates to confidentiality, integrity and availability.  It is necessary for system administrators to measure the consequences of a CWE against the value of the system affected to fully understand the impact, or potential for impact, to McMaster University systems. 


System administrators should measure application risk before enabling public access to resources. IT Security uses a number of assessment tools that identify web application weaknesses and give system administrators the opportunity to mitigate the risks. For more information, or to schedule a comprehensive assessment of a web application, please contact IT Security at


Perform regular risk assessments:

System Administrators should perform the following risk assessments:

  • Application risk assessment
  • Penetration testing
