Security and Policy Services

SecurePurdue, ITaP and Purdue at large offer a variety of security-related services to help the University community achieve the goals of the SecurePurdue initiative. Use the links below to access security-related services at Purdue.

Vulnerability Management

The ITaP Vulnerability Management service is available to University system and network administrators. It provides insight into exactly what is on the network and the potential vulnerabilities those systems create. Vulnerability scans can be set up and run on a scheduled basis. These scans can be intrusive or non-intrusive and can even be run against mobile devices. Authentication can be added for a deeper vulnerability and policy scan. The recommendation is to use antivirus software.

For more information and to request access to the ITaP MVM service, contact: itap-securityhelp@purdue.edu.

Report a Security Incident

If you suspect that your Purdue or personal computer has been compromised, report a Security Incident.

Web Application Vulnerability Scanning

Web applications, while extremely useful, are a major threat vector for all organizations. A study by nCircle found that there was a 154% increase from 2007 to 2008 in web application vulnerabilities and that number was expected to continue to grow by 25% in 2009.

The IT Security Services group performs web application vulnerability scans against web applications before they are placed in production. These scans are performed against internally developed applications or hosted applications before "go-live" to help identify and resolve any major vulnerabilities that exist. The scans can take one day or up to a month to complete depending on the complexity and size of the application.

The scan will check for high risks such as SQL Injection, information leakage, and Cross-Site Scripting vulnerabilities. A high-level summary report and a detailed report are provided after the scans are completed. The summary report provides a high-level description of the issues found and their possible causes, while the detailed report provides all that is included in the summary report with more detail and remediation recommendations for each vulnerability found. Typically, both unauthenticated and authenticated scans are performed against the web application.

For further information regarding web application security please see the Open Web Application Security Project (OWASP) web page located at owasp.org.

To request a scan please submit requests via Qualtrics. Request the anti-spam token from your Security Officer. If you have any questions please send an email to itap-securityhelp@purdue.edu.

STEAM Purdue Security Team

STEAM is the IT security incident response team at Purdue, which is composed of IT professionals from all University IT departments who share information and offer assistance when IT security incidents occur.

Security Downloads

Access free antivirus and security software. Log in to find the appropriate version for your computer.

Endpoint Protection Service

The ITaP Endpoint service is available to University system administrators. Among other benefits, this service includes reporting capabilities to determine if a department's VirusScan policy is current. For more information about the ITaP ePO service, contact: itap-securityhelp@purdue.edu.

Identity and Access Management Services

The Identity Access Management Office (IAMO) coordinates the activities of identity assignment and role-based access across the University, and provides a consistent means of identifying Purdue University constituents and allowing them access to resources while ensuring an individual's privacy.

Filelocker

Filelocker is an open-source program created by Purdue University that gives faculty and staff a convenient way to securely share files with other people, both on and off campus.

New IT Software or Services Security Review

Before purchasing new IT software or services, request a Vendor Security Review.

Application Design Review

The application design review is a consulting engagement targeting the software development approach. The focus is preventing security issues before the application is deployed into production.

To request the service:
Send a brief description of the application along with your contact information to appsec@itsp.purdue.edu.

Send the code and any documentation for the application in a compressed file to Kate Nice (wang2262) via Filelocker.

Once initiated, these reviews are managed entirely by the ITaP Security and Policy group. Any problems or issues will be addressed directly with ITSP staff.