Educause Security Discussion mailing list archives

Summary Report :: Dorkbot Service [FEB 2019-02]


From: Cam Beasley <cam () UTEXAS EDU>
Date: Fri, 1 Mar 2019 13:54:51 -0600

hello all —

i wanted to share summary stats from the Dorkbot web application security service for the past month.

Dorkbot covers 82% of all R1 campuses in the US and many of the top universities across 6 continents (and 30 countries).

[month = FEB 2019]

total campuses subscribed = 839 (+37 campuses compared to previous month)

——————
verified XSS vulnerable pages = 1,105 (-59% compared to previous month)
verified SQLi vulnerable pages = 146 (-54% compared to previous month)
verified LFI vulnerable pages =  9 (-69% compared to previous month)
verified OSi vulnerable pages =  1 (-33% compared to previous month)
verified RFI vulnerable pages =  3 (+50% compared to previous month) 
——————

1,264 total verified vulnerable pages (-59% compared to previous month) 

++++++++++++++++++++++
% of vulnerability breakdown by campus classification
++++++++++++++++++++++

39% - Universities in Other Countries
37% - R1 Campuses
07% - R2 Campuses
06% - State Agencies
05% - All Other Entities
03% - Baccalaureate Colleges: Arts & Sciences Focus
02% - M1 Campuses
01% - All Other Entities

++++++++++++++++++++++

this month we also shared exposure details with Dorkbot subscribers related to the major collections mentioned here:

 https://www.troyhunt.com/the-race-to-the-bottom-of-credential-stuffing-lists-and-collections-2-through-5-and-more/

signing up for Dorkbot is fast & free. 
please see the following for more information:

https://security.utexas.edu/dorkbot

https://er.educause.edu/blogs/2019/2/dorkbot-a-managed-application-security-assessment-service-for-higher-education

thanks,

~cam.




--
Cam Beasley
Chief Information Security Officer
Information Security Office
The University of Texas at Austin
security () utexas edu | 512.475.9242
http://security.utexas.edu
=======================================
