Educause Security Discussion mailing list archives
Summary Report :: Dorkbot Service [APR 2020-04]
From: Cam Beasley <cam () UTEXAS EDU>
Date: Sat, 2 May 2020 15:27:21 -0500
Howdy all — We hope you are all staying safe and healthy. I wanted to share summary stats from the Dorkbot web application security service for Apr-2020. Also, Dorkbot is now 3-years old (finally outta diapers).. Thanks for all of your help and support! ++++++++++++++++++++++ Dorkbot currently serves over 2,100 higher education institutions, state/local government agencies, school districts and other non-profits from across 7 continents (and 205 countries). Those served include 99% of all R1, R2, R3, M1, M2 campuses and 100% of HBCUs and US Tribal Colleges. [month = APR 2020] Total entities subscribed = 2,155 (+0 compared to previous month) Total entities with verified vulnerabilities = 473 (22% of subscribers) —————— Verified XSS vulnerable pages = 3,547 (+45%) Verified SQLi vulnerable pages = 462 (+41%) Verified LFI vulnerable pages = 38 (+36%) Verified RFI vulnerable pages = 00 (-100%) Verified OSi vulnerable pages = 03 (+0%) —————— 4,050 total verified vulnerable pages (+44%) ++++++++++++++++++++++ Vulnerability breakdown by campus classification ++++++++++++++++++++++ 55% - Universities in Other Countries 16% - R1 Universities 05% - R2 Universities 05% - Baccalaureate Colleges: Arts & Sciences Focus 05% - Universities in Canada 03% - D/PU Universities 03% - M1 Universities 03% - Education Consortiums 02% - M3 Universities 02% - M2 Universities 01% - All Other US Entities ++++++++++++++++++++++ Signing up for Dorkbot is fast & free. You will receive realtime alerts for any verified vulnerabilities along with a custom monthly report. Please see the following for more information: https://security.utexas.edu/dorkbot Feel free to share the signup page with any campuses, school districts or non-profits that might be able to benefit from this service! ++++++++++++++++++++++ I also wanted to remind folks about ISORA Lite (a free service for shared Vendor assessments). This leverages EDUCAUSE’s HECVAT standard and there are 50 completed vendor assessments launched by EDUs across the country and another 80 underway. Thus far there have been 400 unique EDU participants from over 200 campuses. You can access ISORA Lite via: https://lite.isora.saltycloud.com thanks, ~cam. -- Cam Beasley Chief Information Security Officer Information Security Office The University of Texas at Austin security () utexas edu | 512.475.9242 http://security.utexas.edu ======================================= ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Attachment:
smime.p7s
Description:
Current thread:
- Summary Report :: Dorkbot Service [APR 2020-04] Cam Beasley (May 02)