In response to growing concerns on the UA campus relating to computer security this guide is under development to establish best practices for web application development. This guide is being developed by a cross-departmental team of software managers and engineers.

Web Application Development is a large topic with many best practices being connected to the specific technology platform being utilized. For instance, PHP/Apache/MySQL development has some specific best practices that are not applicable to .Net/IIS/MS SQL-Server development.  This guide contains sections for specific web application best practices related to .Net, Java, PHP and ColdFusion.
 
Security itself is large topic that covers many areas including, but not limited to: the server, the network, application code, data source (database), and the client (browser).  The security section of this guide focuses on application code.  It briefly discusses the data source and the server.  Securing the network and server is best left to Network and Systems Administrators and is beyond the scope of this document.
 

This guide covers:

• General Security
  Covering a variety of security vulnerabilities common to all web applications.
• General Coding
  Covering general software development best practices.
• Databases
  Covering general database design and implementation best practices.
• Operating in a multi-developer environment
  Covering recommendations for managing an environment where many developers need to concurrently, work on a common code library.
• Language specific best practices
  • .Net
  • Java
  • PHP
  • ColdFusion