Secure Purdue Information Technology

Purdue Systems Security Services

SecurePurdue, IT, and Purdue at large offer a variety of security-related services to help the University community achieve the goals of the SecurePurdue initiative. Use the links below to access security-related services at Purdue.

Vulnerability Management

The Purdue IT Vulnerability Management service is available to university assets. It provides insight into what exactly is on the network and the vulnerabilities associated with the discovered system. Vulnerability scan data can be used to generate reports, dashboards, and projects that can help prioritize remediation efforts. This service gives the University a clear understanding of potential risk exposure. PSS vulnerability scanning services includes network scans, agent-based scanning, and several reporting options.

For more information and to request access to the IT MVM service contact: security@purdue.edu.

 

Report a Security Incident

If you suspect that your Purdue or personal computer has been compromised, report a Security Incident.

Web Application Vulnerability Scanning

The IT Security Services group performs web application vulnerability scans against web applications before they are placed in production. These scans are performed against internally developed applications or hosted applications before "go-live" to help identify and resolve any major vulnerabilities that exist. The scans can take one day or up to a month to complete depending on the complexity and size of the application.

The scan will check for high risks such as SQL Injection, information leakage, and Cross-Site Scripting vulnerabilities. A high level summary report and a detailed report are provided after the scans are completed. The summary report provides a high-level description of the issues found and their possible causes, while the detailed report provides all that is included in the summary report with more detail and remediation recommendations for each vulnerability found. Typically unauthenticated and authenticated scans are performed against the web application.

For further information regarding web application security please see the Open Web Application Security Project (OWASP) web page located at owasp.org.

To request a scan, please submit the questionnaire via Qualtrics. Contact the Security Officer of your department for the anti-spam token. If you have any questions, please send an email to appsec@lists.purdue.edu.

Steam Purdue Security Team

STEAM is the IT security incident response team at Purdue, which is composed of IT professionals from all University IT departments who share information and offer assistance when IT security incidents occur.

Security Downloads

Access free antivirus and security software. Log in to find the appropriate version for your computer.

Endpoint Protection Service

Purdue Systems Security (PSS) offers Endpoint Detection and Response (EDR) for University system administrators. To request access or learn more, email security@purdue.edu.

Identity and Access Management Services

The Identity Access Management Office (IAMO) coordinates the activities of identity assignment and role-based access across the University, and provides a consistent means of identifying Purdue University constituents and allowing them access to resources while ensuring an individual's privacy.

Filelocker

Filelocker is an open-sourced program created by Purdue University that allows faculty and staff a convenient way to securely share files with other people, both on and off campus.

New IT Software or Services Security Review

Before purchasing new IT software or services, request a Vendor Security Review.

Application Design Review

The application design review is a consulting engagement targeting the software development approach. The focus is preventing security issues before the application is deployed into production.

To request the service:
Send a brief description of the application along with your contact information to appsec@lists.purdue.edu.

Once initiated, these reviews are managed entirely by the IT Purdue Systems Security and Policy group. Any problems or issues will be addressed directly with PSS staff.

SharePoint Restricted Data Storage

SharePoint Restricted Data Storage is the approved location for the storage of restricted data within SharePoint. To request a site within this storage area, proceed to the SharePoint Restricted Data Storage Portal.

Contact Us