Below is a list of resources on web development security.

  • Information security requirements: All university hosted web sites are subject to these requirements in compliance with the University Information Security Policy.
  • Secure Shell (SSH): Provides encrypted logins and file transfers, and is a much more secure alternative to Telnet and File Transfer Protocol (FTP), both of which send credentials and data in cleartext. University Information Services and UISO strongly encourage Web developers to connect to Web servers (i.e. www7) using SSH.
  • ColdFusion: A scripting language used to develop Web applications at Georgetown University.
    • Adobe Security Zone - includes white papers, best practices, and technical security information for ColdFusion.
  • Common Gateway Interface (CGI) Scripts:
  • Open Web Application Security Project (OWASP): A world-wide, non-profit charitable organization that focuses on improving software security and provides users with the knowledge to make informed decisions about software security risks.
    • OWASP homepage
    • OWASP Top 10 (2013): The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high risk problem areas – and also provides guidance on where to go from here.
      1. Injection
      2. Broken Authentication and Session Management
      3. Cross-Site Scripting
      4. Insecure Direct Object References
      5. Security Misconfiguration
      6. Sensitive Data Exposure
      7. Missing Function Level Access Control
      8. Cross-Site Request Forgery
      9. Using Components with Known Vulnerabilities
      10. Unvalidated Redirects and Forwards