Secure an application you're developing

Developing an application securely is essential to safeguarding the sensitive information you may be gathering. Taking proactive steps during the development process can significantly reduce or eliminate vulnerabilities in your software. Vulnerabilities can lead to the compromise of UCSF data and/or loss of service. It is important to incorporate secure coding practices when developing your application. A number of resources are available to keep your application secure.

Directions

  1. Adhere to the guidelines for UCSF IT Application Security.
    • The UCSF IT application security page contains a list of resources to keep your application secure. This includes secure coding best practices, security scans and assessments, and more.
  2. Develop your application following UC IS-3 Electronic Information Security policy and the UCSF Minimum Security Standards.
  3. If your application handles P3 or P4 data, submit a security risk assessment.
    1. Start by having the following prepared:
      1. Data flow diagram (for help preparing one, submit an IT Consultation request here).
      2. All management roles of the system identified (e.g., who "owns" the system, who will manage accounts, etc.).
      3. Documentation of the security procedures you will use to manage the system.
      4. Initiate a BIA (Business Impact Analysis) – this can be done in parallel with the risk assessment.
  4. Have a documented plan to keep the application up to date and patched, and to retire the application when it is no longer needed.

Support

UC Learning Center Skillsoft offers numerous online courses on a variety of topics, including IT, software development, and security.