Educause Security Discussion mailing list archives
Summary Report :: Dorkbot Service [FEB 2021-02]
From: "Beasley, Cam" <cam () UTEXAS EDU>
Date: Fri, 5 Mar 2021 04:58:43 +0000
Howdy all — I wanted to share summary stats from the Dorkbot web application security service for Feb-2021.

Also, it has now been 4-yrs since we started offering Dorkbot to the public! Dorkbot has reported over 134,000 verified significant web application vulnerabilities and we are privileged to be able to serve so many entities across the planet. Thanks for your support over the years!

++++++++++++++++++++++

Dorkbot currently serves over 2,300 higher education institutions, state/local government agencies, school districts and other non-profits from across 7 continents (and 205 countries). Those served include 99% of all R1, R2, R3, M1, M2 Carnegie-class campuses and 100% of HBCUs and US Tribal Colleges.

[month = FEB-2021]

Total entities subscribed = 2,324
——————
Verified XSS vulnerable pages = 3,552 (-15%)
Verified SQLi vulnerable pages = 470 (+2%)
Verified LFI vulnerable pages = 27 (+42%)
Verified OSi vulnerable pages = 0
——————
4,049 total verified vulnerable pages (-13%)

++++++++++++++++++++++
Vulnerability breakdown by campus classification
++++++++++++++++++++++

53% - Universities in Other Countries
16% - D/PU Universities
09% - R1 Universities
04% - Universities in Canada
04% - R2 Universities
03% - Baccalaureate Colleges: Arts & Sciences Focus
02% - Associates Colleges
02% - M1 Universities
02% - M3 Universities
05% - All Other US Entities

++++++++++++++++++++++
Top 5 Served Countries
++++++++++++++++++++++

United States | Thailand | Canada | Vietnam | Slovakia

++++++++++++++++++++++
Top 5 Served US States
++++++++++++++++++++++

New York | Texas | California | Massachusetts | Michigan

++++++++++++++++++++++

Signing up for Dorkbot is fast & free. You will receive realtime alerts for any verified vulnerabilities along with a custom monthly report. We can also exclude targets from the service as needed, by: IP address, host name, subdomain or regex string in a URL.

Please see the following for more information:
https://security.utexas.edu/dorkbot

Feel free to share the signup page with any campuses, school districts or non-profits that might be able to benefit from this service!

++++++++++++++++++++++
++++++++++++++++++++++

Please also remember ISORA Lite (a free service for shared vendor assessments). This leverages EDUCAUSE’s HECVAT standard and there are 189 (+6% from previous month) completed vendor assessments launched by EDUs across the country and another 24 underway. Vendor reporting has been updated and now compares vendors to other vendors in a common vertical. Thus far there have been 561 unique EDU participants from over 277 campuses.

You can access ISORA Lite via:
https://lite.isora.saltycloud.com

thanks,
~cam.

--
Cam Beasley (he/him/his)
Chief Information Security Officer
Information Security Office
The University of Texas at Austin
security () utexas edu | 512.475.9242
http://security.utexas.edu
=======================================

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community