Fall 2016
HKUST Web Application Security
Charles Choy
IT Security Officer

Departments often need to develop applications to meet University needs. Whether these applications are developed in-house or outsourced to vendors, it is important that developers use programming practices that can help to keep the websites secure and avoid any loss of data, especially confidential material. More details can be found in our Application Development Guidelines and the Minimum Security Standard for Application Systems.

Furthermore, if your web applications involve confidential data and web programming technologies (such as PHP, JSP, ASP, etc.), a health-check scan can scrutinize the applications for potential security risks or vulnerabilities.

In recent months, ITSC has proactively worked with various departments to perform health-check scanning for their high-risk web applications. By the end of August, nearly 120 high-risk web applications across 23 departments had been scanned, and quite a number of them had critical vulnerabilities that required immediate attention.

ITSC will continue to work with departments' Cyber Security Coordinators (CSC) on this exercise. More information can be found at:

http://itsc.ust.hk/services/cyber-security/application-security