DePaul's Information Security team provides several services that may be of interest to internal developers, website editors, and employees.
The Information Security team can provide a web application scan which will find vulnerabilities that can be exploited. At your request, we can run the scanner against your web based application and provide you with the results. We will be happy to discuss how to best remediate any problems with you. If you are interested in a web application scan, please contact Information Security.
We are happy to work with you to review your website's or web application's source code to ensure safety. Typical things we check for are proper validation, proper use of credentials and authentication, encryption of database information, and mitigation techniques for preventing SQL insertion and cross site scripting attacks.
All arrangements where DePaul uses an outside service provider to process DePaul data require review by General Counsel and Information Security. It is helpful to get us involved as early as possible to review the security architecture of the proposed service. To become familiar with some things we will cover, please see: Information Security Review for Hosted Systems
For your convenience, we have put together a document containing our best practices for website and web application development. Please contact us with any questions you may have regarding this document.
At your request, we can hold an information security informational session in your office. During the session we will go over common security problems and solutions, data loss prevention, how to recognize spam emails, how to choose a proper password, and what to do if you believe your username and password have been compromised.
Should you have any kind of computer security incident, please contact Information Security immediately. We will work with you and attempt to rectify the situation as quickly as possible.