Conducting An Institution-Wide, Multi-Department Application Security Assessment presented at LASCON 2010

by Jay Paz, Charlie Scott

Tags: Application Security Analysis


Summary: From early 2009 until mid-2010, the Information Security Office at the University of Texas at Austin conducted a security assessment of over 250 web applications, spanning over 30 departments. The objectives of this assessment were to provide a thorough security review of existing applications and to act as an education and awareness exercise for the application developers. This presentation covers the political, technical, and scheduling challenges encountered on this assessment, how they were overcome, the results of the assessment and the changes they brought about, and lessons learned by the assessment team.