Information Security
Best Practices for Application Security
Application security includes process control, secure coding practices, and the configuration of third-party applications to protect the privacy, confidentiality, and integrity of data.
Process Control
- Apply access control
- Restrict access to programs and applications using confidential data
- Maintain up-to-date list of authorized users
- Testing
- Use masked test data
- Dispose of test output files securely
- Separate test and production functions
- Maintain auditable change control process
- Apply security controls
- Apply audit controls
- Examples of process controls
- Information Security Forum's Systems Development
- BU's Database/Security Best Practices
Secure programming
- Overview and Principles
- Secure Coding Principles 101
- Federal
- DHS's Build Security In, a secure portal that provides best practices and tools for software developers.
- Web Practices
- Open Web Application Security Project (OWASP)
- WebCentral's Secure Coding Practices, printer friendly version
- Microsoft
- Writing Secure Code from Microsoft's Security Developer Center
- .NET vulnerabilities and workarounds from Secunia
Securing Applications
- Desktop applications
- Risks of File-Sharing Technology
- Instant Messaging Applications from SANS
- Special precautions for Internet Explorer
- MSDE security and authentication from Microsoft
- Outlook from SecurityFocus and Outlook 2003 from Fermi Lab
- Risks of P2P File Sharing
- CERT's Securing Your Web Browser
- See Servers for databases, email and web software.