Scan your website or application for vulnerabilities

Vulnerabilities (or exploitables) in your applications or system can allow hackers to gain unauthorized access to UCSF systems and data. These weaknesses can be the result of many causes, including insecure development and coding practices, and not maintaining up-to-date systems and applications. If you or your department is using a self-managed server or website/web application for your research project, performing regular vulnerability scans is a great way to reduce the risk of a security compromise on those systems. 

Services

Application and Website Security: IT Security can use automated scanning tools to help find and identify these weaknesses before a hacker exploits them. These tools find and remediate weaknesses in your systems and protect UCSF and user data. 

  • Vulnerability Scanning: IT Security will scan your system for vulnerabilities and provide a report detailing the vulnerabilities found. You will also receive a remediation report.
  • Web Application Scanning: This service will scan your websites and web applications for vulnerabilities. You will then receive a report of the vulnerabilities found as well as a remediation report. Keep in mind that this is different from vulnerability scanning, which focuses on the underlying server. 

Directions

  1. Make sure your server, web application or website is registered in the CMDB and that its record is up to date. Instructions on how to register or update your record can be found on How to use the Configuration Management Database (CMDB).
  2. Contact the IT Service Desk at 415-514-4100 or submit a ServiceNow ticket to request a scan of your systems or web applications. 

Support

For proactive measures you can take to reduce vulnerabilities in software, visit Best practices for Application or Website Security.