AppScan by Watchfire
What is AppScan?
The Pennsylvania State University’s Security Operations and Services (SOS) office, a unit of Information Technology Services (ITS), can help you identify vulnerabilities and misconfigurations in Web applications and services at no charge, using AppScan, a commercial-grade Web application scanning tool from Watchfire.
Note: The University reserves the right to scan at any time any machine directly connected to its networks.
Who Can Request a Web Scan?
Only a departmental network contact can authorize a scan. The appropriate network contacts will be notified to verify a scan request made by non-network staff members. Results of the Web scan will be returned to the network contacts but the information may be shared with system administrators of affected machines, and with management in their units as appropriate.
What Happens When I Request a Web Scan?
Network contacts can request a scan at their discretion. Scans can be performed as often as contacts deem necessary to protect their environment. Once a request is made, ITS’ Security Operations and Services may contact the scan requestor for more detailed information prior to starting the scan. Results will be returned to the network contact for appropriate action. A scan may be delayed in the event of a high-priority security incident. Large-scale scans will take longer to process and analyze. In the event of several concurrent large-scale scans, SOS will contact the requestors to advise them of the situation.
Note: Repeated, unauthorized scan requests (e.g., abusive activity) may result in referral to the Office of Judicial Affairs or to the Office of Human Resources.
What are Some Limitations of the Web Scanning Service?
Under certain circumstances, some vulnerabilities or misconfigurations will not be detected. The Web application/service should be secured according to industry-standard practices, and this scan should not be taken as a guarantee that your Web application/service is secure.
SOS recommends scanning a test Web application server rather than a production server. In rare circumstances, scans may have inadvertent side effects including, but not limited to, disruption of network traffic, "crashing" of computer and network equipment, or potentially filling a database with extraneous data. For additional information regarding this and other scanning concerns, please visit the Scanning Concerns and Considerations page.
How Can I Request a Web Scan?
To request a Web application scan, please use the AppScan Web request form.
If you haven't already done so, please also request an ISS vulnerability scan for your machine, which will attempt to identify vulnerabilities and misconfigurations in the operating system and installed software.