Please skim: Common Security Mistakes in Web Applications

What not to post

  • PHI
  • Student records
  • Proprietary research
  • Passwords


Top vulnerabilities

  • Weak or stolen passwords on our accounts
  • Web applications (WordPress, Moodle, etc.)
  • SQL injection
  • Rogue accounts
  • Cross-site scripting (XSS)


Things you can do

  • Stop building web forms – we have a form server now
  • Keep your websites clean – remove old stuff!
  • Develop locally, not on a live website
  • Password protect using Shibboleth
  • Use a password manager
  • Use passphrases
  • Keep up to date! Read web development & tech blogs