Some websites are required by law to have a privacy statement.
California Information Practices Act §1798.17: Each agency shall provide on or with any form used to collect personal information from individuals the notice specified in this section.
No person or organization may use the University name in conjunction with advertising or to list the University as a user of any product or service or as the source of research information on which a commercial program or publication is based. Use of the University Name, Seal, & Logo
Acknowledgements and Advertising
Sponsor/Donor information should not dominate any UCSB Web page, unless the page’s clearly stated purpose is to acknowledge the support. An acknowledgement is not to promote or endorse the sponsor, the sponsor’s products or services.
Internet-Based Services and Software “Click-Throughs”
Regents Standing Order 100.4 (dd).9 requires the specific authorization from UC Board of Regents to enter into agreements where the University assumes liability (e.g. provides indemnity) for the acts of parties beyond the University’s control.
Indemnification
● Risk and Impact: Must consider the sensitivity of data being stored or processed and the business criticality of the functions being moved to the cloud.
● Favorability: Must consider other terms of the contract: data access/retention/transfer, governing law, limitation of liability, representations and warranties, response to legal orders, Terms of Service, 3rd party audits, acceptable use policies
Web Standards Guide: http://www.ucsb.edu/webguide/policies
Policy Website: http://www.policy.ucsb.edu/policies/
Overview of Web Standards 05: Security (Sam Horowitz)
Introduction to Web Standards and Policies Web Application Security
Why Security In This Context?
● Because lack of security is pervasive
● Allows theft of sensitive data
● Permits corruption of content or data
● Allows bad things to happen in UCSB’s name
● Provides a vector for other types of attacks
Understanding Security Risks
The Open Web Application Security Project (OWASP) has compiled a “Top 10” list of risks:
● Injection
● Sensitive Data Exposure
● Broken Authentication & Session Management
● Missing Function Level Access Control
● Cross-Site Scripting (XSS)
● Cross-Site Request Forgery (CSRF)
● Insecure Direct Object Reference
● Using components with known vulnerabilities
● Security Misconfiguration
● Unvalidated Redirects and Forwards
A Word About Credit Cards
● Heard of TJ-Maxx, Target, or Michaels?
● Heard of Brockport College, USC or UC Riverside?
● UCSB processed 129K transactions totaling $13.8M last fiscal year.
● July-February: 239K transactions, $11M
● Credit and Debit cards are special
● If you don’t have to take them, don’t
● You can refer to a payment processor (e.g. Authorize.net)
● If you do need to process credit cards, read the PCI DSS. It’s worse than it looks.
Web Security and You
● As a web developer it’s your job to protect your users, UCSB, & the worldwide web
● You need to know what you are protecting and what you should be serving
● You need to know and understand what can go wrong & you need to prevent it
There is Help
● The web has a plethora of help available
● OWASP is a resource: https://www.owasp.org/index.php/Top_10
● Multiple tutorials are available by Google search
● Wikipedia is pretty good in this area
● YouTube videos explain risks and how to mitigate them
● Vendors in this space have references too: Veracode, HP Fortify, Imperva for example
● Visual: Blindness, Low Vision, Color-Blindness
● Hearing: Deafness, Hard-of-Hearing
● Motor: Inability to Use Mouse, Slow Response Time, Limited Fine Motor Control
● Cognitive: Learning Disabilities, Distractibility, Inability to Remember/Focus
Overview of Web Standards 07: Content Management Systems (David Gurba)
Content Management Systems at UCSB WSG - Web Standards and Policies Presenter: David Gurba
CMSs on Campus
● SiteFinity by Student Affairs
● WordPress http://www.wordpress.org/
● Drupal http://drupal.org/
Drupal Resources
● Development (Coding & Design)
● Web Hosting
● User Groups
● Web Resources
Developers on Campus
Ocean ‘O Graphics, Monica Pessino
● http://www.news.ucsb.edu
● http://education.ucsb.edu
● http://msi.ucsb.edu
● http://www.oep.ucsb.edu
Recharge rate is ~$50 per hour for on campus clients, and ~$70 for off campus clients.
Developers on Campus
Artworks, David Gurba, firstname.lastname@example.org
● http://sagecenter.ucsb.edu
● https://ccs.ucsb.edu
● http://www.theaterdance.ucsb.edu/projects/odyssey/
● https://rmp.id.ucsb.edu
Recharge rate $55/hr on-campus; $83 off-campus.
Web Hosting on Campus
LSIT http://lsit.ucsb.edu/
● has a Drupal Platform for L&S departments, projects and professors. If your site fits in their platform you may use it free of cost.
● http://lsit.ucsb.edu/helpdesk/shares/department
● Host PHP and other technologies for free.
Web Hosting on Campus
ETS http://www.ets.ucsb.edu/services/ets-sites
● Hosts Drupal websites
● Simple sites -- defined as those containing fewer than 80 feature "modules" -- cost $352/year
● Complex sites -- which are those that contain 80 or more "modules" -- cost $980/year
Local User Groups
UCSB Drupal Users Group
● https://it.ucsb.edu/groups/drupal
● http://wiki.eri.ucsb.edu/sysadm/Category:Drupal
Santa Barbara Drupals User Group
● https://groups.drupal.org/sbdrupal
Web Resources
● http://drupal.stackexchange.com (free)
● http://drupal.org (free, Issues, Docs)
● http://buildamodule.com ($)
● http://lynda.com (free for campus!)
● https://drupal.org/irc (free, make a friend!)