Vulnerability management is a proactive approach to managing network and computer security. It involves identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities in SDSU systems and software. Vulnerabilities can be common and arise from software flaws, bugs, or insecure system configurations and settings.
What tools and services does the University use for vulnerability tracking?
We use a combination of scanning tools and testing methods. These tools scan our network and systems to find known vulnerabilities.
Qualys Vulnerability Management Platform:
- Used for vulnerability scanning, web application scanning, and asset management.
- Provides an installable agent that reports up-to-date details on server vulnerabilities without the need to scan.
- Scans university web applications for known vulnerabilities.
- University assets are categorized by department and ranked according to risk.
University of Texas at Austin:
- The Dorkbot Scanner was created by the Information Security department at UT and is used for web application scanning.
- This scanning is provided at no cost to SDSU.
The Shadowserver Foundation:
- Shadowserver provides regular vulnerability scanning of internet-facing systems.
- This scanning is provided at no cost to SDSU.
Cybersecurity and Infrastructure Security Agency:
- CISA offers vulnerability scanning services to assist federal agencies and other partners in identifying and mitigating vulnerabilities in their networks.
- Regularly scans internet-facing systems for vulnerabilities and reports them.
- This scanning is provided at no cost to SDSU.
Cost
Vulnerability scanning is run on all SDSU servers free of charge.
Get Help
To request a service, open the hamburger menu (to the right of the magnifying glass), then select "IT Division".
Report an Incident
Please contact the Information Security team immediately if you experience or are aware of any of the following: