Overview

By following application and website security best practices, application owners can take proactive steps to eliminate or significantly reduce vulnerabilities in software before deployment. These vulnerabilities potentially provide attackers with the ability to take control of a server or computer, which can result in the compromise of UCSF data and personal data, denial of service, loss of service or damage to a system used by thousands of users. By reducing the numbers of vulnerabilities, UCSF data and personal data is better protected.

Sources for application and website security best practices

• Java
  • Oracle - Secure Coding Guidelines
• C++
  • CERT - Secure Coding Standard for C++
• C
  • CERT - Secure Coding Standard for C
• Perl
  • CERT - Secure Coding Standard for Perl
• Web applications and web servers
  • OWASP Top Ten
  • OWASP Top Ten (2017)
  • PHP - Security

Web application and system vulnerability scanning

In addition to application and website security best practices, ITS Security and Policy can scan your web server for web application vulnerabilities, such as SQL injection and cross-site scripting (XSS), as well as perform a system vulnerability scan on your system.

For more information, visit Application and Website Security.