Application Security Review
Introduction
Security reviews provide a thorough overview of the current state of an application, server, or endpoint device and its security.
All Virginia Tech applications should properly implement data security policies and standards to ensure integrity and authenticity. Compliance with these policies and standards strengthens application security by checking for software vulnerabilities and assessing security countermeasures.
Application security reviews cover a multitude of important security concepts:
- Machine Documentation
- Systems inventory list
- Network map
- Firewall Verification
- Vulnerability Scanning
- Penetration Testing
- Network-based Applications
- Network traffic analysis
- Determine potential attack vectors
- Version checking
- Web-based Applications
- Injection attack testing
- Data policy compliance
- Version checking
Upon requesting a security review, the IT Security Office will reach out to schedule a time to scan the applicable devices and establish the scope of the scan.
Once the scan is done, the IT Security Office will prepare a report of any and all major security issues and the full scan results.
If any security issues were found, the affected devices and applications should be quarantined until all issues are resolved.
Procedures
Request a Web Application Vulnerability Scan
- Login to 4Help.
- Navigate to the Vulnerability and Web Application Scanning request item.
- Click Request this service and fill out the request form.
Request a Security Review
Virginia Tech departments may request a security review of a commercial or homegrown application. The Virginia Tech IT Security Office (ITSO) is responsible for conducting security reviews, which can be requested through 4Help or by emailing ITSO at itso@vt.edu.
- Login to 4Help.
- Navigate to the Application Reviews request item.
- Click Request this service and fill out the request form.