Educause Security Discussion mailing list archives
Re: Summary Report :: Dorkbot Service [JUN 2021-06]
From: Theresa Semmens <tsemmens () NSHE NEVADA EDU>
Date: Tue, 6 Jul 2021 15:11:54 +0000
I second Ken's thoughts, the value is extraordinary for what you receive.

Theresa

Theresa Semmens
Chief Information Security Officer
Nevada System of Higher Education
4505 S Maryland Parkway (MS 4016)
Las Vegas, NV 89154-4016
tsemmens () nshe nevada edu
702-720-3318

PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless otherwise made confidential by law, may be subject to the Nevada Public Records laws and may be disclosed to the public upon request.

-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ken Connelly
Sent: Tuesday, July 6, 2021 7:25 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Summary Report :: Dorkbot Service [JUN 2021-06]

I am normally a pretty strong believer in YGWYPF[1] but the Dorkbot service blows that out of the water. Cam and crew have an incredibly valuable tool that they're sharing with the higher ed community. Thanks, Cam!

-ken

[1] YGWYPF == You Get What You Pay For

On 7/5/21 12:50 PM, Beasley, Cam wrote:
Howdy all —

I wanted to share summary stats from the Dorkbot web application security service for Jun-2021.

Before I get into the details - can I get some feedback as to whether or not the community is still getting value from this service? It is a bit over 4 years old and I just wanted to ask.

++++++++++++++++++++++

Dorkbot currently serves over 2,350 higher education institutions, state/local government agencies, school districts and other non-profits from across 7 continents (and 205 countries). Those served include 99% of all R1, R2, R3, M1, M2 Carnegie-class campuses and 100% of HBCUs and US Tribal Colleges.

[month = JUN-2021]
Total entities subscribed = 2,352
——————
Verified XSS vulnerable pages = 3,365 (-6%)
Verified SQLi vulnerable pages = 395 (-5%)
Verified LFI vulnerable pages = 8 (-33%)
——————
3,768 total verified vulnerable pages (-6%)

++++++++++++++++++++++
Vulnerability breakdown by campus classification
++++++++++++++++++++++
50% - Universities in Other Countries
16% - D/PU Universities
09% - R2 Universities
08% - R1 Universities
04% - Associates Colleges
03% - Baccalaureate Colleges: Arts & Sciences Focus
03% - M3 Universities
02% - Universities in Canada
02% - M1 Universities
03% - All Other US Entities

++++++++++++++++++++++
Top 5 Served Countries
++++++++++++++++++++++
United States | Thailand | Slovakia | Vietnam | Serbia

++++++++++++++++++++++
Top 5 Served US States
++++++++++++++++++++++
New York | Ohio | Texas | California | Pennsylvania

++++++++++++++++++++++

Signing up for Dorkbot is fast & free. You will receive realtime alerts for any verified vulnerabilities along with a custom monthly report. We can also exclude targets from the service as needed, by: IP address, host name, subdomain or regex string in a URL.
Please see the following for more information:
https://security.utexas.edu/dorkbot

Please help us tell small campuses, school districts or non-profits to subscribe as well!

++++++++++++++++++++++
++++++++++++++++++++++

Please also remember ISORA Lite (a free service for shared vendor assessments). This leverages EDUCAUSE’s HECVAT standard and there are currently 216 completed vendor assessments launched by EDUs across the country and another 31 underway. Please note that you can also use the vendor reporting to compare vendors in a common vertical. Thus far there have been 660 unique EDU participants from over 314 campuses.

You can access ISORA Lite via:
https://lite.isora.saltycloud.com/

thanks,
~cam.
--
Cam Beasley (he/him/his)
Chief Information Security Officer
Information Security Office
The University of Texas at Austin
security () utexas edu | 512.475.9242
http://security.utexas.edu/
=======================================

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
--
- Ken
=================================================================
Ken Connelly
Director, Information Security
Information Security Officer
University of Northern Iowa
email: Ken.Connelly () uni edu
p: (319) 273-5850
f: (319) 273-3010

Any request to divulge your UNI password via e-mail is fraudulent!
Current thread:
- Summary Report :: Dorkbot Service [JUN 2021-06] Beasley, Cam (Jul 05)
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Catherine Ullman (Jul 06)
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Corley, Robert B (KCTCS) (Jul 06)
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Ken Connelly (Jul 06)
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Theresa Semmens (Jul 06)
- Re: [External]:[SECURITY] Summary Report :: Dorkbot Service [JUN 2021-06] Ferland, William (Jul 12)
- <Possible follow-ups>
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Lovaas,Steven (Jul 06)