Vulnerability Scans
The OSU Information Security Services group offers vulnerability scanning for your servers, workstations, or websites. The results of vulnerability scans can be used to proactively locate, identify, and assess vulnerabilities. Ideally, the results allow departments to prioritize and remediate the systems before they are targeted and exploited by attackers. Vulnerability scans help protect University data and can mitigate the risk of unauthorized access, theft, or malicious destruction.
Frequently Asked Questions (FAQ)
- What types of Vulnerability Scans does IT Security offer?
IT Security currently offers network-based server scans, agent-based server scans and web application scans.
- How do I request a Vulnerability Scan?
- How do I request a vulnerability exception to a known vulnerability?
The vulnerability will have a vulnerability alert created by IT Security.
  - Please respond to the alert requesting an exception.
  - IT Security will provide a questionnaire about the system and vulnerabilities.
  - After the questionnaire is filled out, IT Security will review the request and determine if the risk can be temporarily accepted.
- How do I report a False Positive Vulnerability?
If you believe you have received a false positive vulnerability alert, you may report the false positive by filling out the form here: Vulnerability False Positive - IT Helpdesk Forms - OSU (okstate.edu)
- What is the difference between an Agent and Network Scan?
An Agent Scan is a vulnerability scan run by the Nessus Agent already installed on the system. The scan is run to see what local/system-side vulnerabilities are on the host.
A Network Scan is a vulnerability scan run over the network on any system connected to the network. The scan is run to see what network-facing vulnerabilities are on the host.
- What is the difference between a Credentialed Scan and a Non-Credentialed Scan?
A Credentialed Scan is a web scan that requires credentials to log into the website in order to view content on the site.
A Non-Credentialed Scan is a web scan that does not require any login to view content on the site.