Re: Summary Report :: Dorkbot Service [MAY 2019-05]

[Frank Barton <bartonf () HUSSON EDU>]

I'll throw this out there - we signed up a while back, and I don't believe
we've ever gotten a report (maybe our web-facing things are that "rugged")
but as a "feature request" maybe having a monthly 'status' report including
'hey we scanned "N" pages/sites on your registered domain, and didn't find
anything"

kind of like a heartbeat so that we know things are still going on

my inflation adjusted $0.03

Frank

On Tue, Jun 4, 2019 at 12:14 PM Chris Wilson <clwilson () mtroyal ca> wrote:

> Hi Cam,
>
> My fault - for some reason, your reports were ending up in spam.  One
> quick question though: I believe I added about 5 domains to the list when
> registering, but only see reports for one.
>
> Is that correct?
> Thanks in advance,
>
> Chris Wilson
> Security Architect
> I.T. Services Department
> Mount Royal University
> 4825 Mount Royal Gate SW
> Calgary, AB
> 403-440-8682
> clwilson () mtroyal ca
>
>
> On Tue, Jun 4, 2019 at 10:13 AM Cam Beasley <cam () utexas edu> wrote:
>
> > hi Chris -
> >
> > your campus subscribed on 5/21 and we’ve reported issues thus far to your
> > preferred address..
> > please reach out direct if you have any other questions?
> >
> > thanks,
> >
> > ~cam.
> >
> >
> >
> > > On Jun 4, 2019, at 9:14 AM, Chris Wilson <clwilson () mtroyal ca> wrote:
> > >
> > > Steven,
> > >
> > > It's a good thing it wasn't a private reply, as it prompted me to
> > wonder the same thing.  I haven't seen any updates or reports in some time
> > as well.  Is there anything you might need from our end to get things
> > running again?
> > > Chris Wilson
> > > Security Architect
> > > I.T. Services Department
> > > Mount Royal University
> > > 4825 Mount Royal Gate SW
> > > Calgary, AB
> > > 403-440-8682
> > > clwilson () mtroyal ca
> > >
> > >
> > > On Mon, Jun 3, 2019 at 9:00 PM Lovaas,Steven <
> > Steven.Lovaas () colostate edu> wrote:
> > > Apologies... That was meant to be a private reply.
> > >
> > > Steve
> > >
> > > Sent from my iPhone
> > >
> > > > On Jun 3, 2019, at 8:59 PM, Lovaas,Steven <
> > Steven.Lovaas () colostate edu> wrote:
> > > > Hi Cam!
> > > >
> > > > We do really appreciate this service. But we haven’t had an alert in
> > a long time. I’m too suspicious to automatically believe that we just fixed
> > all of our problems.
> > > > Have you had any issues connecting to Colorado State University? (
> > 129.82.0.0/16, colostate.edu)
> > > > Thanks,
> > > > Steve
> > > >
> > > > Sent from my iPhone
> > > >
> > > > > On Jun 3, 2019, at 8:44 PM, Cam Beasley <cam () utexas edu> wrote:
> > > > >
> > > > > hello all —
> > > > >
> > > > > i wanted to share summary stats from the Dorkbot web application
> > security service for the past month.
> > > > > Dorkbot covers 87% of all R1 campuses in the US and many of the top
> > universities across 6 continents (and 78 countries).
> > > > > [month = MAY 2019]
> > > > >
> > > > > total campuses subscribed = 1,030 (+29 campuses compared to previous
> > month)
> > > > > ——————
> > > > > verified XSS vulnerable pages = 3,032 (+14% compared to previous
> > month)
> > > > > verified SQLi vulnerable pages = 365 (+10% compared to previous
> > month)
> > > > > verified LFI vulnerable pages = 20 (-20% compared to previous month)
> > > > > verified OSi vulnerable pages = 15 (+50% compared to previous month)
> > > > > verified RFI vulnerable pages = 04 (+100% compared to previous
> > month)
> > > > > ——————
> > > > >
> > > > > 3,143 total verified vulnerable pages (+4% compared to previous
> > month)
> > > > > ++++++++++++++++++++++
> > > > > % of vulnerability breakdown by campus classification
> > > > > ++++++++++++++++++++++
> > > > >
> > > > > 44% - Universities in Other Countries
> > > > > 19% - R1 Universities
> > > > > 07% - R2 Universities
> > > > > 05% - Higher Ed Consortiums
> > > > > 04% - M1 Universities
> > > > > 04% - Baccalaureate Colleges: Arts & Sciences Focus
> > > > > 03% - State Agencies
> > > > > 02% - D/PU Universities
> > > > > 02% - Universities in Canada
> > > > > 06% - All Other Entities
> > > > >
> > > > > ++++++++++++++++++++++
> > > > >
> > > > > signing up for Dorkbot is fast & free.
> > > > > you will receive realtime alerts for any verified vulnerabilities
> > along with a custom monthly report.
> > > > > please see the following for more information:
> > > > >
> > > > >   https://security.utexas.edu/dorkbot
> > https://er.educause.edu/blogs/2019/2/dorkbot-a-managed-application-security-assessment-service-for-higher-education
> > > > > please note that many smaller campuses in your area may not be as
> > well connected to this community.
> > > > > feel free to share the signup page with any such campuses you might
> > be associated that could benefit from this service.
> > > > > thanks,
> > > > >
> > > > > ~cam.
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Cam Beasley
> > > > > Chief Information Security Officer
> > > > > Information Security Office
> > > > > The University of Texas at Austin
> > > > > security () utexas edu | 512.475.9242
> > > > > http://security.utexas.edu
> > > > > =======================================
> > >
> > > This message is from an external sender. Learn more about why this
> > matters.

-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University