Re: Summary Report :: Dorkbot Service [JUN 2021-06]

[Theresa Semmens <tsemmens () NSHE NEVADA EDU>]

I second Ken's thoughts, the value is extraordinary for what you receive. 

Theresa

Theresa Semmens
Chief Information Security Officer
Nevada System of Higher Education
4505 S Maryland Parkway (MS 4016)
Las Vegas, NV 89154-4016
tsemmens () nshe nevada edu
702-720-3318

PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless otherwise made confidential 
by law, may be subject to the Nevada Public Records laws and may be disclosed to the public upon request. 

-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ken Connelly
Sent: Tuesday, July 6, 2021 7:25 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Summary Report :: Dorkbot Service [JUN 2021-06]

⚠ External Email:

I am normally a pretty strong believer in YGWYPF[1] but the Dorkbot service blows that out of the water. Cam and crew 
have an incredibly valuable tool that they're sharing with the higher ed community. Thanks, Cam!

-ken

[1]  YGWYPF == You Get What You Pay For

On 7/5/21 12:50 PM, Beasley, Cam wrote:
> Howdy all —
>
> I wanted to share summary stats from the Dorkbot web application security service for Jun-2021.
> Before I get into the details - can I get some feedback as to whether or not the community is still getting value 
> from this service?
> It is a bit over 4-years old and I just wanted to ask.
>
>
> ++++++++++++++++++++++
>
> Dorkbot currently serves over 2,350 higher education institutions, state/local government agencies, school districts 
> and other non-profits from across 7 continents (and 205 countries).
>
> Those served include 99% of all R1, R2, R3, M1, M2 Carnegie-class campuses and 100% of HBCUs and US Tribal Colleges.
>
> [month = JUN-2021]
>
> Total entities subscribed = 2,352
>
> ——————
> Verified XSS vulnerable pages = 3,365 (-6%) Verified SQLi vulnerable 
> pages = 395 (-5%) Verified LFI vulnerable pages = 8 (-33%) ——————
> 3,768 total verified vulnerable pages (-6%)
>
>
> ++++++++++++++++++++++
> Vulnerability breakdown by campus classification
> ++++++++++++++++++++++
>
> 50% - Universities in Other Countries
> 16% - D/PU Universities
> 09% - R2 Universities
> 08% - R1 Universities
> 04% - Associates Colleges
> 03% - Baccalaureate Colleges: Arts & Sciences Focus 03% - M3 
> Universities 02% - Universities in Canada 02% - M1 Universities 03% - 
> All Other US Entities
>
> ++++++++++++++++++++++
> Top 5 Served Countries
> ++++++++++++++++++++++
>
> United States | Thailand | Slovakia | Vietnam | Serbia
>
> ++++++++++++++++++++++
> Top 5 Served US States
> ++++++++++++++++++++++
>
> New York | Ohio | Texas | California | Pennsylvania
>
> ++++++++++++++++++++++
>
> Signing up for Dorkbot is fast & free.
> You will receive realtime alerts for any verified vulnerabilities along with a custom monthly report.
> We can also exclude targets from the service as needed, by: IP address, host name, subdomain or regex string in a URL.
>
> Please see the following for more information:
>
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecu
> rity.utexas.edu%2Fdorkbot&amp;data=04%7C01%7Ctsemmens%40NSHE.NEVADA.ED
> U%7Cbdc2f10841fa43b9703f08d94089de05%7C8ff9d11a9e074150ac216eedccccc3d
> 3%7C0%7C1%7C637611783165637670%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA
> wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=s
> P0xuUs8gWxi2bBZ341sofecOs9SokJzEnQFIURtakc%3D&amp;reserved=0
>
> Please help us tell small campuses, school districts or non-profits to subscribe as well!
>
> ++++++++++++++++++++++
> ++++++++++++++++++++++
>
> Please also remember ISORA Lite (a free service for shared vendor assessments).
> This leverages EDUCAUSE’s HECVAT standard and there are currently 216 completed vendor assessments launched by EDUs 
> across the country and another 31 underway.
>
> Please note that you can also use the vendor reporting to compares vendors in a common vertical.
>
> Thus far there have been 660 unique EDU participants from over 314 campuses.  You can access ISORA Lite via:
>
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flite
> .isora.saltycloud.com%2F&amp;data=04%7C01%7Ctsemmens%40NSHE.NEVADA.EDU
> %7Cbdc2f10841fa43b9703f08d94089de05%7C8ff9d11a9e074150ac216eedccccc3d3
> %7C0%7C1%7C637611783165637670%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw
> MDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=LU
> n6MMRo7FUwliQvCdNnmpkLX1biqHQIvsz8DPRV%2BmM%3D&amp;reserved=0
>
> thanks,
>
> ~cam.
>
>
>
> --
> Cam Beasley (he/him/his)
> Chief Information Security Officer
> Information Security Office
> The University of Texas at Austin
> security () utexas edu | 512.475.9242
> https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsecur
> ity.utexas.edu%2F&amp;data=04%7C01%7Ctsemmens%40NSHE.NEVADA.EDU%7Cbdc2
> f10841fa43b9703f08d94089de05%7C8ff9d11a9e074150ac216eedccccc3d3%7C0%7C
> 1%7C637611783165647626%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJ
> QIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=UlfAzSThR
> RQq9EdUaLIn82PHnF3ptU8dHz9QsN67TgY%3D&amp;reserved=0
> =======================================
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire 
> community list. If you want to reply only to the person who sent the 
> message, copy and paste their email address and forward the email 
> reply. Additional participation and subscription information can be 
> found at 
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> educause.edu%2Fcommunity&amp;data=04%7C01%7Ctsemmens%40NSHE.NEVADA.EDU
> %7Cbdc2f10841fa43b9703f08d94089de05%7C8ff9d11a9e074150ac216eedccccc3d3
> %7C0%7C1%7C637611783165647626%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw
> MDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=k5
> s4RWUmthgjpTlayASPKV5QctYrgW98XVy4xXUwtNo%3D&amp;reserved=0

--
- Ken
=================================================================
Ken Connelly                       Director, Information Security
Information Security Officer          University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-3010

Any request to divulge your UNI password via e-mail is fraudulent!

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&amp;data=04%7C01%7Ctsemmens%40NSHE.NEVADA.EDU%7Cbdc2f10841fa43b9703f08d94089de05%7C8ff9d11a9e074150ac216eedccccc3d3%7C0%7C1%7C637611783165647626%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=k5s4RWUmthgjpTlayASPKV5QctYrgW98XVy4xXUwtNo%3D&amp;reserved=0

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community