Web Hosting - Web Application Vulnerability Scanning
The Web Hosting team offers web application scanning as an inherent service to our web hosting customers. We perform the scans by utilizing CyberSecurity's licensed Qualys Web Application Scanning (WAS) tool.
The Scanning Process
Our process begins with a consultation in which we will work with you to customize the parameters to meet your needs. We will begin by providing an overview of what is publicly accessible for the site. This will help in determining the scope of the scan, which can be limited to a small portion of your site or opened up entirely. The WAS tool also allows us to implement authentication, whether there is a login form, basic authentication, or NetID protection.
Once the scope is defined, we will create and schedule the scan. Preferably, we perform these on your test instance. However, if you do need to scan production, we can also work to find a less intrusive time to run the scan.
Once the scan is complete, we will create an executive summary as well as a breakdown of the results to provide to you. The summary will be an overview of the findings and the breakdown will show specific results that provides suggestions to mitigate any issues.
Depending on your results, you may wish to scan the site following your remediation. We can then revisit the scope and proceed with setting up the new scan.
If you have any questions or wish to initiate the scanning process, please contact us at webhosting@doit.wisc.edu.