Educause Security Discussion mailing list archives
Re: UTAustin :: Interest in Dorkbot?
From: Harry Hoffman <00000033be3f81d5-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Thu, 7 Sep 2017 06:55:12 -0400
Hi Folks, I thought I'd take a moment and comment on the Dorkbot service from Cam and the team at UT Austin. Here at Harvard we're subscribed and have been getting notifications for several months now. It's a great service and we have not seen a false positive to date. The notifications provide both an overview and enough technical content to quickly understand the problem and potential risk (e.g. XSS vs SQLi). They also allow the owner to pinpoint the problem areas of websites with actual examples of the exposed issues. If you have any specific questions about our experience please feel free to email me. Cheers, Harry On Sep 6, 2017 10:20 PM, "Cam Beasley" <cam () utexas edu> wrote: Howdy all — Hope everyone’s fall semesters are off to a great start. I wanted to provide an update to my earlier Dorkbot offer.. We are now serving well over 200 campuses and we’re looking for new subscribers.. Sign up is really quite easy. I’d ask for any campuses subscribed to the service to share their experiences to help encourage those who are unsure about the value of the service. Here’s a bit of data from the Dorkbot service thus far: ////////// (Mar-2017 thru Aug-2017) 26 = the average number of confirmed web application vulnerabilities per campus 199 = the highest number of vulnerabilities reported to a single campus 205 = total campuses subscribed 2,825 = verified XSS vulnerability reported 596 = verified SQLi vulnerable pages reported 24 = verified LFI vulnerable pages reported 16 = verified OS command injection vulnerable pages reported 4 = verified remote file inclusion vulnerable pages reported ============== 3,465 = Total Vulnerabilities Reported ////////// More information about Dorkbot can be found at: https://security.utexas.edu/dorkbot Please let me know if you have any questions. Thanks, ~cam. -- Cam Beasley Chief Information Security Officer Information Security Office The University of Texas at Austin security () utexas edu | 512.475.9242 http://security.utexas.edu ======================================= https://www.facebook.com/utaustiniso https://twitter.com/UT_ISO =======================================
On Jul 17, 2017, at 2:51 PM, Cam Beasley <cam () utexas edu> wrote: Howdy all — I wanted to reach out to see if any campuses would be interested in
signing up for our Dorkbot service?
There is no cost associated and we're currently serving over 180 campuses
across the planet.
This service has identified thousands of web application security
vulnerabilities since we expanded our offering to a more targeted higher education community in March.
Here's more information about Dorkbot: https://security.utexas.edu/dorkbot All that we need to get started is a list of the top-level domains you
would like added along with the preferred e-mail address you would like for us to send our reports to.
We’ll also be happy to share the IPs these services are operated from in
the event you would like to whitelist them should you be inclined to subscribe to the service.
Please let me know if you have any questions. thanks, ~cam. -- Cam Beasley Chief Information Security Officer Information Security Office The University of Texas at Austin security () utexas edu | 512.475.9242 http://security.utexas.edu ======================================= https://www.facebook.com/utaustiniso https://twitter.com/UT_ISO =======================================
Current thread:
- UTAustin :: Interest in Dorkbot? Cam Beasley (Jul 17)
- Re: UTAustin :: Interest in Dorkbot? Cam Beasley (Sep 06)
- Re: UTAustin :: Interest in Dorkbot? Lovaas,Steven (Sep 06)
- Re: UTAustin :: Interest in Dorkbot? Ken Connelly (Sep 06)
- Re: UTAustin :: Interest in Dorkbot? Harry Hoffman (Sep 07)
- Re: UTAustin :: Interest in Dorkbot? Rich Graves (Sep 07)
- Re: UTAustin :: Interest in Dorkbot? Dixon, Cameron (Sep 07)
- Re: UTAustin :: Interest in Dorkbot? Lovaas,Steven (Sep 06)
- Re: UTAustin :: Interest in Dorkbot? Cam Beasley (Sep 06)