Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability Management Team Information Security Office

Published byTerence Bradley Modified over 6 years ago

Similar presentations

Presentation on theme: "Vulnerability Management Team Information Security Office"— Presentation transcript:

1 Vulnerability Management Team Information Security Office
Web Cluster Scans Vulnerability Management Team Information Security Office Intro!

2 Where do we start? Why is this important? What is the web cluster?
To understand a web cluster, you need to start with a web server. A single server that hosts web content for others to see. A cluster is simply a group of servers that all host the same content, and you do this when you expect a large amount of traffic, as our main web presence does. In order to make this cluster work, you need staff. Lots of staff. You need staff to manage the servers themselves, which we have within OIT, and you need developers to manage the code, content, and functionality of the web applications, which we also have through University Web Services and the departmental developers that work for specific areas of the campus community. Once you have both of these elements, along with a sound network to host them on, you get your web presence. This is important because our web presence is our number one way that the world gets to know us. It’s helpful to those who are a part of UT Dallas, but it is much more valuable to the outside world. So, between the servers, the different departments who own different sections of our web presence through the cluster, and everything in-between – where do we start?

3 786 57 28% Inventory Document Contact Report Plan Scan
We start with an inventory, which we already have completed for the top level directory structure of the web cluster. There are 786 top level directories within the cluster. Then, we start getting in touch with those who we have identified as the content owners or custodians for those areas. This is usually the department web developer or UWS. We have identified at least 57 unique points of contact. We are still waiting to hear back from a few areas, but this number could easily be above 60 by the time everything is finalized. We then plan out our strategy. When to scan, what to include, what to prepare for, etc. will all be asked at this point in time. During this planning process, we’re going to be working through some findings we have come across during the inventory process, including 28% of all top level directories leading to some form of error page, which we believe is most likely going to be some easy cleanup. Once we feel good about our plan, we move forward and scan the application(s) using our web application scanning tool, Trustwave App Scanner. After the scans have finished, we then report our findings, even if the findings are that the application looks good. If items need to be addressed, we report those findings and rescan the application to verify that changes have resolved the findings. Finally, after all of those steps are done, we document everything. We want to retain this information for future usage. Let’s not forget this important arrow, which will actually get his own slide right after this. I’ve colored him different from the others for easy recognition. Since there are hundreds of top level directories, each will need to be tested and run through this cycle. We can do more than one at a time, but those determinations will be made at a later date. Report Plan Scan

4 Web Application Classification
“All applications are subject to periodic application vulnerability scans conducted or sponsored by the Information Security Office. For applications that are Internet-accessible or host Confidential or Controlled Data, these scans must be conducted at least annually. All other applications must be scanned for application vulnerabilities every two years.” -ISO Web-based Application Standard We have established a web classification format within our group. This qualitative assessment uses multiple factors, some weighted higher than other, to establish how frequently something should be rescanned. The more important the data, for instance, the more likely we would want to rescan that application. With that in mind, we want to take this opportunity to also discuss the results of each directory scan with the responsible parties for each area and have the classification conversation. We will need to work out details on how to perform the subsequent rescans in the future, but for now, just getting started with the initial conversation would be a big help for future efforts.

5 Questions? Questions?

Download ppt "Vulnerability Management Team Information Security Office"

Similar presentations

“The Honeywell Web-based Corrective Action Solution”

“The Honeywell Web-based Corrective Action Solution”
KompoZer. This is what KompoZer will look like with a blank document open. As you can see, there are a lot of icons for beginning users. But don't be.

KompoZer. This is what KompoZer will look like with a blank document open. As you can see, there are a lot of icons for beginning users. But don't be.
M2 – Explain the tools and techniques used in the creation of an interactive website. By Arturas Vitkovskij.

M2 – Explain the tools and techniques used in the creation of an interactive website. By Arturas Vitkovskij.
Technical Methodology (bottom-up) Lesson 8. 6-step Process Step 1: Site Survey Step 2: Develop a test plan Step 3: Build the toolkit Step 4: Conduct the.

Technical Methodology (bottom-up) Lesson 8. 6-step Process Step 1: Site Survey Step 2: Develop a test plan Step 3: Build the toolkit Step 4: Conduct the.
SecurityCenter Reporting Nessus Scan Report. SecurityCenter Reports For customers who use Nessus for vulnerability scanning and then move to SecurityCenter,

SecurityCenter Reporting Nessus Scan Report. SecurityCenter Reports For customers who use Nessus for vulnerability scanning and then move to SecurityCenter,
We are partners in learning.. Note: Office 365 works best in Internet Explorer V 9 or above. Some features do not work in PWCS’s Chrome Browser or in.

We are partners in learning.. Note: Office 365 works best in Internet Explorer V 9 or above. Some features do not work in PWCS’s Chrome Browser or in.
How to Establish a Blog. What is a Blog A blog is a collection of informational articles/ideas intended to update a viewer on new information associated.

How to Establish a Blog. What is a Blog A blog is a collection of informational articles/ideas intended to update a viewer on new information associated.
EASY TEAM MANAGER By Dave Abineri EASYWARE: PO Box 231, Milford, OHIO 45150 (Cincinnati) Phone: (513) 248-0590 Use UP arrow to move to the NEXT slide Use.

EASY TEAM MANAGER By Dave Abineri EASYWARE: PO Box 231, Milford, OHIO (Cincinnati) Phone: (513) Use UP arrow to move to the NEXT slide Use.
E-Newsletter Guide April, 2003. © 2003, Cisco Systems, Inc. All rights reserved. Web-based E-Newsletter Template Tool for WWE & Academy Theater staff.

E-Newsletter Guide April, © 2003, Cisco Systems, Inc. All rights reserved. Web-based E-Newsletter Template Tool for WWE & Academy Theater staff.
EVIDENCE-BASED ASSESSMENT … COMOX VALLEY SCHOOL DISTRICT #71.

EVIDENCE-BASED ASSESSMENT … COMOX VALLEY SCHOOL DISTRICT #71.
Website Development and Web Presence ASSISTANCE CREATING EFFECTIVE ONLINE PRESENCE-- CUSTOMIZING YOUR ONLINE BRAND TO MAXIMIZE BENEFIT TARGETING GOALS.

Website Development and Web Presence ASSISTANCE CREATING EFFECTIVE ONLINE PRESENCE-- CUSTOMIZING YOUR ONLINE BRAND TO MAXIMIZE BENEFIT TARGETING GOALS.
Network Address Translation (NAT)

Network Address Translation (NAT)
How to Pay for a Food Order in TechBuy using America To Go Texas Tech University System August 2014.

How to Pay for a Food Order in TechBuy using America To Go Texas Tech University System August 2014.
A Step by Step Guide How to add your own pages to the website.

A Step by Step Guide How to add your own pages to the website.
Go to your school’s web locker site school name.schoolweblockers.com) Your user name is the first letter of your first name, the first four.

Go to your school’s web locker site school name.schoolweblockers.com) Your user name is the first letter of your first name, the first four.
© 2012 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S.

© 2012 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S.
Go to your school’s web locker site Your user name is the first letter of your first name, the first four letters of.

Go to your school’s web locker site Your user name is the first letter of your first name, the first four letters of.
Office of Information Technology Help Desk: ECS 020 Phone: 410-455-3838 Web UMBC Uploading your personal.

Office of Information Technology Help Desk: ECS 020 Phone: Web UMBC Uploading your personal.
Selling a Product or Service Website. Website Objective Developing or Designing a Website 40 Questions and Questionnaire with 30 questions are to be filled.

Selling a Product or Service Website. Website Objective Developing or Designing a Website 40 Questions and Questionnaire with 30 questions are to be filled.
Welcome Teachers! - WELCOME TO TEACHER WEBSITE BUILDING 101.

Welcome Teachers! - WELCOME TO TEACHER WEBSITE BUILDING 101.

Similar presentations

Ads by Google