Application Security Service

Customers find value in the Application Security Service for its practical benefits. It promptly addresses security issues through Bug Tracking and keeps security policies up-to-date with regular ISO Assessments, aligning with evolving threats and compliance standards. The service ensures ongoing system performance and security through Infrastructure Updates, actively identifies and mitigates risks with ISORA Assessments, and addresses critical web application vulnerabilities outlined in the OWASP Top 10. Additionally, it maintains secure user access through Role and Authorization Reviews and actively identifies and resolves weaknesses with Vulnerability Assessments. In essence, the service provides a practical and continuous security improvement approach for organizations concerned about evolving cybersecurity threats.

See below to explore the service's features. 

Features

Bug Tracking: 

  • Establish a clear process for prioritizing and resolving reported bugs, ensuring that critical security vulnerabilities receive immediate attention. 

Information Security Office (ISO) Assessment: 

  • Conduct periodic assessments by the Information Security Office (ISO) to evaluate the overall security posture of the organization. 
  • Review and update security policies, procedures, and guidelines based on the ISO assessments to align with evolving threats and compliance standards. 
  • Ensure that the ISO assessments cover various aspects, including data security, network security, physical security, and employee training. 

Infrastructure and Language Version Updates: 

  • Regularly monitor and update the infrastructure, including servers, databases, and network components, to address vulnerabilities and maintain performance and security. 
  • Keep programming languages, frameworks, and libraries up to date to benefit from security patches and feature enhancements. 
  • Implement a change management process to assess the impact of updates before deploying them into production. 

ISORA Assessment: 

  • Perform regular assessments based on industry-standard security frameworks, such as the Information Security Objectives and Risk Assessment (ISORA). 
  • Use ISORA to identify potential risks, evaluate the effectiveness of existing security controls, and establish risk mitigation strategies. 
  • Continuously refine security measures based on ISORA assessments to ensure ongoing security improvements. 

Open Web App Security Project (OWASP) Top 10: 

  • Regularly review and address security issues identified in the OWASP Top 10 list, which highlights the most critical web application vulnerabilities. 
  • Integrate OWASP best practices into the software development life cycle to prevent these vulnerabilities during coding and testing phases. 
  • Stay up-to-date with new additions to the OWASP Top 10 and adjust security strategies accordingly. 

Regular Role and Authorization Review: 

  • Conduct regular reviews of user roles and permissions to ensure that access rights are appropriate and up-to-date. 
  • Implement the principle of least privilege to limit user access to only the necessary resources and functions. 
  • Automate role and authorization reviews to minimize the risk of human errors and unauthorized access. 

Regular Vulnerability and Security Assessments and Mitigation:

  • Perform regular vulnerability scans and penetration tests to identify potential security weaknesses. 
  • Establish a process for prioritizing and mitigating discovered vulnerabilities, based on their severity and potential impact. 
  • Monitor and track the progress of vulnerability remediation efforts, ensuring that they are addressed in a timely manner.

Available to

Application Security is available to TRecs customers. 

Support

Technology Resources Provides: 

Technology Resources adheres to University security standards in all aspects of application development, maintenance, and management. TRecs is responsible for regular vulnerability and security assessments to ensure the safety of University data. 

Customer/Client Provides: 

  • Customers are expected to report any unexpected errors for TRecs to investigate.
  • Customers provide timely feedback on application maintenance and testing requests.

Expectations for Requested Services

Expected Time Frame:

TRecs staff are expected to reply to inquiries within 1 business day unless the priority or urgency of the request requires a quicker response. Please contact the ADM team at trecs-requests@utlists.utexas.edu for more information.

Special Instructions for Requesting Services

TRecs customers are expected to reach out to trecs-requests@utlists.utexas.edu for any requests and inquiries for existing or new applications.

Rates/Prices

Application security requests outside the scope of the services listed here may result in a cost. Rates and prices may be discussed if additional services are needed.   

FAQs

Question: Does TRecs perform routine security assessments?  

Answer: Yes, TRecs upholds University security standards through regular security sweeps and mandatory ISO testing.

Question: Does TRecs track bugs?  

Answer: Yes, TRecs is responsible for bug tracking, but the client should report any functionality issues they encounter.  

Question: Where can I find information on scheduled maintenance?  

Answer: Please see the TRecs Maintenance Calendar for scheduled maintenance updates. TRecs staff will also communicate maintenance with impacted customers.