Overview
The CUIT Security Team provides a service that reports on vulnerabilities found on the Columbia University Network. Through this process, the CUIT Security Team will distribute the results and findings discovered. The scan and the report occur monthly; CUIT Security cannot provide reports between the scheduled scans. The CUIT Security Team can only advise on how to resolve findings; we cannot assist with the actual work involved on the vulnerable system. CUIT Security has developed a page to assist with understanding vulnerabilities, or CVEs (Common Vulnerabilities and Exposures). It can be found under the page labeled “Common Vulnerabilities and Exploits (CVE) Lookup”.
Types of findings
The solution looks for vulnerabilities that attackers could exploit on the system. Exploitation could lead to data loss or downtime of the system. Vulnerabilities in systems can jeopardize the integrity of the system.
Patch Management
The core function of the product is to identify missing patches and updates on systems. A missing patch means the software is out of date and has a security flaw that could be used to compromise the system.
Application Security and CDN Security
The findings in this section identify flaws in web application code. Vulnerabilities discovered here could lead to a compromise of a database or defacement of a website. Findings of this type are normally associated with the OWASP Top 10 vulnerabilities, such as Cross-Site Scripting or SQL Injection.
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.
How to get started
Please email cybersec@columbia.edu with your request, indicating your departmental affiliation and security contact email address.