Educause Security Discussion mailing list archives

Summary Report :: Dorkbot Service [DEC 2019-12]


From: Cam Beasley <cam () UTEXAS EDU>
Date: Thu, 9 Jan 2020 13:03:14 -0600

Happy New Year all —

I wanted to share summary stats from the Dorkbot web application security service for December.

++++++++++++++++++++++

Dorkbot currently serves over 2,000 higher education institutions, state/local government agencies, school districts 
and other non-profits from across 7 continents (and 202 countries).

Those served include 99% of all R1, R2, R3, M1, M2 campuses and 100% of HBCUs and US Tribal Colleges.

[month = DEC 2019]

Total entities subscribed = 2,014 (+144 compared to previous month)
Total entities with verified vulnerabilities = 443 (22% of subscribers)

——————
Verified XSS vulnerable pages = 2,871 (-49%)
Verified SQLi vulnerable pages = 388 (-47%)
Verified LFI vulnerable pages = 28 (-63%)
Verified RFI vulnerable pages = 01 (-92%) 
Verified OSi vulnerable pages = 02 (-60%)
——————
3,299 total verified vulnerable pages (-49%)    


++++++++++++++++++++++
Vulnerability breakdown by campus classification
++++++++++++++++++++++

57% - Universities in Other Countries
18% - R1 Universities
06% - R2 Universities
04% - Universities in Canada
04% - D/PU Universities
03% - M1 Universities
02% - State Agencies
02% - M2 Universities
04% - All Other US Entities

++++++++++++++++++++++

Signing up for Dorkbot is fast & free. 
You will receive realtime alerts for any verified vulnerabilities along with a custom monthly report.

In the coming year, we do hope to fold in some additional functionality for basic Dorkbot-ing, namely:
 - editing subscriber preferences (exclusions, domains)
 - upload more targets to scan
 - Dorkbot kill switch
 - support for Intranet scanning (e.g., proxy variable)
 - and more if we can get the time

Please see the following for more information:

https://security.utexas.edu/dorkbot

https://er.educause.edu/blogs/2019/2/dorkbot-a-managed-application-security-assessment-service-for-higher-education

Feel free to share the signup page with any campuses, school districts, or non-profits that might be able to benefit 
from this service.


thanks,

~cam.




--
Cam Beasley
Chief Information Security Officer
Information Security Office
The University of Texas at Austin
security () utexas edu | 512.475.9242
http://security.utexas.edu
=======================================




