Do you want to know how to secure your websites, applications, servers and the databases behind them? Are you an expert, or would you like to become an expert in developing secure code, detecting vulnerabilities or hardening web infrastructure? You don’t have to be a security guru to make a difference.
Our Web Security SIG is working to provide educational opportunities, tools, resources, and best practice documentation related to web security. This group will coordinate with the information security officers and existing IT security groups at Texas A&M and the A&M system to improve our security posture across the University.
Update from SIG launch meeting
We had a great turnout for our Devops/Web Security SIG event and lots of great ideas were pitched. Next step is to review these as a community and chose a few goals we can begin working towards.
Ideas for: measurable goals the SIG can work on:
- Migration to HTTPS
- Progress towards requiring Duo on all logins/servers
- Progress towards sites getting A grade for https configuration
- Progress towards sites getting A grade for security headers
- Progress towards automated, recurring scanning of servers and websites (Tenable, Nessus, Nexspose or something like that).
- Progress towards using a Syslog or external log server with alerts and monitoring
- Progress towards developers receiving training on developing secure web apps/sysadmins on server hardening for their platform.
- Progress towards each college having a record of high-value assets, where they are, how they are secured, how they are monitored, related policies and documentation.
- Develop a shared resource database at github.tamu.edu. This could include documentation for hardening web servers and other systems, shared Chef recipes, etc.
- Coordinate training or peer mentoring events for web developers and sysadmins