DePaul University Information Services > Security > Security Guidance > Services Offered

Services Offered by Information Security

DePaul's Information Security team provides several services that may be of interest to internal developers webmasters, and employees.

Application Scanning

The Information Security team currently owns a license to IBM's Rational Appscan product. This is a web application scanner which will find vulnerabilities that can be exploited. At your request, we can run the scanner against your web based application and provide you with the results.  We will be happy to discuss how to best remediate any problems with you.  If you are interested in a web application scan, please contact Information Security.

Code Reviews

We are happy to work with you to review your website's or web applications source code to ensure safety.  Typical things we check for are proper validation, proper use of credentials and authentication, encryption of database information, and mitigation techniques for preventing SQL insertion and cross site scripting attacks.

Hosted Application Review

All arrangements where DePaul uses an outside service provider to process DePaul data require review by General Counsel and Information Security.   It is helpful to get us involved as early as possible to review the security architecture of the proposed service. To become familiar with some things we will cover, please see: Information Security Review for Hosted Systems

Secure Coding Standards

For your convenience, we have put together a document containing our best practices for website and web application development.  Please contact us with any questions you may have regarding this document.

Security Information Sessions

At your request, we can hold an information security informational session in your office.  During the session we will go over common security problems and solutions, data loss prevention, how to recognize spam emails, how to chose a proper password, and what to do if you believe your username and password have been compromised.

Incident Response

Should you have any kind of computer security incident, please contact Information Security immediately. We will work with you and attempt to rectify the situation as quickly as possible.