Penn State Home

   

 

Policies & Guidelines

SOS Services

Incident Reporting

Security Guides

Setting Passwords

SOS Staff

FAQ

ITS Site Search:



ITS sponsors an annual security awareness campaign

Can't Find It? Ask SOS

 

Web Application Scan Request Form

Complete the following Web form to request that Information Technology Services Security and Operation Services help you identify vulnerabilities and misconfigurations in Web applications and services on your system(s). There is no charge for this service.

Only a departmental network contact can authorize a scan. The appropriate network contacts will be notified to verify a scan request made by non-network staff members. Results of the Web scan will be returned to network contacts but the information may be shared with system administrators of affected machines, and with management in their units as appropriate. (Repeated, unauthorized scan requests (e.g., abusive activity) may result in referral to the Office of Judical Affairs or the Office of Human Resources.)

Once the application has been received, SOS will contact you to finalize information about the Web application prior to starting the scan. If you do not know the programming language that the Web app was created in, you may put a question mark in the field below. However, SOS will need this information to schedule the scan. If you have any password-protected pages, please have an account and password generated for SOS prior to our call. SOS also will need to know if this is a test server (acceptance or confidence) or if this is a production server. SOS will still scan the application if it is a production server, however, in rare circumstances, scans may have inadvertent side effects including, but not limited to, disruption of network traffic, "crashing" of computer and network equipment, or potentially filling a database with extraneous data. For additional information regarding this, and other scanning concerns, please visit the Scanning Concerns and Considerations page.

SOS strongly recommends that you also request an ISS vulnerability scan for your machine

* = required field

Contact's name: *

Contact's phone number: *

URL(s) of Web application you wish to have scanned: *

Is server an acceptance/confidence server or a production server? *

Programming language of Web application: *

Is machine behind a firewall? *
Yes
No

Is there a timeframe you wish to have the scan run during? (You may include a timeframe but please do not ask for a specific date for the scan, since requests are processed in the order that they were received. SOS will attempt to scan during the timeframe requested if possible, barring other higher priority security incidents.
Yes
No

Reason for scan request: *
Verification of security of a new Web application
Verification of security of a new server, workstation or image build
Routine vulnerability assessment
Rescan (delta analysis report provided)
HIPAA security verification
VISA verification
Scan requested by Penn State Internal Auditors
Other (specify):

Would you like a non-invasive scan?
Yes
No (denial-of-service and other potentially harmful tests will be performed against your system.)

Does the Web application contain any password protected pages? *
Yes - SOS will contact you for the account name and password.
No

Additional comments / requests, including any specific vulnerabilities you wish to have tested:

(Penn State authentication required).

 
   
About the units of
ITS Logo
 

 

 The Pennsylvania State University © 2005. All rights reserved.
Alternative Media - Nondiscrimination Statement
This site maintained by Security Operations and Services,
a unit of Information Technology Services.

For assistance, contact Security Operations and Services.
Provide site feedback to the Security Webmaster.

Last revised: 04/22/2006