Security vulnerability and assessment

Information security

University Systems provides security and vulnerability assessments to university faculty, staff, departments, and units on request.

The purpose of a security and vulnerability assessment is to determine whether network devices and network-hosted applications are maintained in accordance with UVic’s Information Security Policy (IM7800).

Security and vulnerability assessments can be part of a project, major system or application deployment, or operational processes.  One-time scans as well as scheduled automated scans can be requested.

The objective of a security and vulnerability assessment is to identify security risks to UVic infrastructure, information, or systems.  The deliverable of this service is a report of findings with recommended remediation actions.

Tools and Services Utilized

This service utilizes automated network scanners to enumerate network systems or devices and identify known security vulnerabilities.  Network scanners are updated regularly so that the latest vulnerability information is incorporated and detected when scanning.  The current suite of network scanners includes Nessus Vulnerability Scanner and nmap, supplemented by manual testing and verification where appropriate.

This service utilizes automated web application security and vulnerability scanners that search for software vulnerabilities within web applications. These tools check a website's applications for common security problems such as cross-site scripting, SQL injection, server and application misconfigurations, and remote command execution vulnerabilities. They will also check for vulnerabilities in your web server, proxy, web application server, and web services.  The current suite of web application security and vulnerability scanners includes Acunetix Web Vulnerability Scanner and Burp Suite, supplemented by manual testing and verification where appropriate.

Who can use this service?

  • Faculty
  • Staff
  • Departments

How do I request or access this service?

Email explaining what you would like to scan.  A member of the Information Security Office will review your request and develop a test plan.  Testing is normally performed against a development or pre-production version of your service to minimize the chance of service disruption.

What is the cost for this service?

This service is provided free of charge.

When is this service available?

The Information Security Office is open 8:30am to 4:30pm, Monday to Friday.

How do I get help with this service?

For assistance with this service, please contact the Computer Help Desk:

Telephone: 250-721-7687
In person: Locations & hours