The Official Web site for the Office of Information Technology - UTSA


Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.


Web Application Vulnerability Scanning

Good application security consists of knowledge of threats and regular feedback on the state of protection within an application. Business units and system administrators must be aware of the vulnerabilities that can exist within their applications so that appropriate actions can be taken to mitigate these risks. Vulnerability scanning is a procedure designed to identify security weaknesses in an application and to assist in the mitigation of those weaknesses.

All Web applications attached to the UTSA network are subject to security vulnerability scans. Proactive scanning allows for timely discovery of known risks and promotes actions to prevent compromise, breach and destructive activity within the application and/or the network. Reactive security scanning, performed after an incident, provides a means of assessment and damage control.

Scans are required:

  • Prior to the promotion to production of a Web application associated with a formal project, sponsored by the Project Management Office of OIT.

  • After a compromise of a UTSA Web application accessible through the Internet.

  • Annually for all mission-critical operations.

Other Web applications will be scanned at the request of the application owner when potential or existing risks are identified within the environment.

Effective Date: May 15, 2011

Compliance Date: July 31, 2011

Last Revision: April 4, 2011
