Web Maintenance and Security Policy

Effective Date: 05/26/2015
Implements: Audit Report 14-52, Audit Finding #9 Web Maintenance and Security
Document Title: Web Maintenance and Security Policy.docx
Author: Kal Shenoy, Interim Assistant Vice President of Information Technology Services (ITS)
File Location: ITS

Overview
To maintain the integrity and security of web applications, CSUB uses a web scan application. This tool can scan applications for a multitude of potential breach points such as SQL injection, cross-site scripting, web security, and directory traversal, to name a few. Web application scan tools are very aggressive and perform a scan similar to an actual attack. It is imperative that the system being scanned be in a non-production environment.

Web Maintenance and Security Policy
Campus must perform a vulnerability scan on websites before the website is placed into production, and regularly thereafter.

Acknowledgement
A special thank you to the Information Security Work Group (ISWG), which is responsible for assisting the University Information Security Officer with developing and issuing information security policies, procedures and standards to the campus community. The ISWG includes Kal Shenoy, Sue Rivera, Chris Diniz, Mike Fleming, Joe Nailor, Kenton Miller, Tem Moore, Brian Chen, and Don David.