Educause Security Discussion mailing list archives

Re: UTAustin :: Interest in Dorkbot?


From: Harry Hoffman <00000033be3f81d5-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Thu, 7 Sep 2017 06:55:12 -0400

Hi Folks,

I thought I'd take a moment and comment on the Dorkbot service from Cam and
the team at UT Austin.

Here at Harvard we're subscribed and have been getting notifications for
several months now. It's a great service and we have not seen a false
positive to date.

The notifications provide both an overview and enough technical content to
quickly understand the problem and potential risk (e.g. XSS vs SQLi). They
also allow the owner to pinpoint the problem areas of websites with actual
examples of the exposed issues.

If you have any specific questions about our experience please feel free to
email me.

Cheers,
Harry


On Sep 6, 2017 10:20 PM, "Cam Beasley" <cam () utexas edu> wrote:

Howdy all —

Hope everyone’s fall semesters are off to a great start.

I wanted to provide an update to my earlier Dorkbot offer.

We are now serving well over 200 campuses and we’re looking for new
subscribers. Sign up is really quite easy.
I’d ask for any campuses subscribed to the service to share their
experiences to help encourage those who are unsure about the value of the
service.

Here’s a bit of data from the Dorkbot service thus far:

//////////

(Mar-2017 thru Aug-2017)

26 = the average number of confirmed web application vulnerabilities per
campus
199 = the highest number of vulnerabilities reported to a single campus
205 = total campuses subscribed

2,825 = verified XSS vulnerabilities reported
596 = verified SQLi vulnerable pages reported
24 = verified LFI vulnerable pages reported
16 = verified OS command injection vulnerable pages reported
4 = verified remote file inclusion vulnerable pages reported
==============
3,465 = Total Vulnerabilities Reported

//////////

More information about Dorkbot can be found at:

 https://security.utexas.edu/dorkbot

Please let me know if you have any questions.

Thanks,

~cam.


--
Cam Beasley
Chief Information Security Officer
Information Security Office
The University of Texas at Austin
security () utexas edu | 512.475.9242
http://security.utexas.edu
=======================================
https://www.facebook.com/utaustiniso
https://twitter.com/UT_ISO
=======================================


On Jul 17, 2017, at 2:51 PM, Cam Beasley <cam () utexas edu> wrote:

Howdy all —

I wanted to reach out to see if any campuses would be interested in
signing up for our Dorkbot service?
There is no cost associated and we're currently serving over 180 campuses
across the planet.

This service has identified thousands of web application security
vulnerabilities since we expanded our offering to a more targeted higher
education community in March.

Here's more information about Dorkbot:

https://security.utexas.edu/dorkbot

All that we need to get started is a list of the top-level domains you
would like added along with the preferred e-mail address you would like for
us to send our reports to.

We’ll also be happy to share the IPs these services are operated from in
the event you would like to whitelist them should you be inclined to
subscribe to the service.

Please let me know if you have any questions.

thanks,

~cam.


