CSU Information Security Standards require that the campus perform website vulnerability scanning for SSU websites.
Information Technology uses Qualys to run website vulnerability scans on a weekly basis. Reports are sent to website owners identifying urgent and critical issues that should be addressed by the website owners.
The types of sites and applications that will be scanned include public-facing sites that are any of these:
- Locally developed
- Locally hosted
- Locally administered and hosted with an Infrastructure or Platform as a Service provider
- Other sites as determined by Information Technology.
Website owners must immediately remediate the vulnerabilities by working with the site’s system and website administrators. Those may be SSU employees, vendors, or contractors.
If you have questions about your Website Vulnerability Report, please submit a Help Desk ticket. For quickest response, use the following format.
- Subject: Website Vulnerability Question
- Issue Type: Web Issue
- Description: Include the name and URL of your site, plus your question(s).