Purdue Systems Security Services

SecurePurdue, IT, and Purdue at large offer a variety of security-related services to help the University community achieve the goals of the SecurePurdue initiative. Use the links below to access security-related services at Purdue.

Vulnerability Management

The IT Vulnerability Management service is available to University System and Network Administrators. It provides an insight into what exactly is on the network and the potential vulnerabilities they create. Vulnerability scans can be setup and ran on a scheduled basis. These scans can be Intrusive or Non-Intrusive in nature and can even be ran against mobile devices. Authentication can be added for a deeper vulnerability and policy scan. Recommendation is to use an antivirus software.

For more information and to request access to the IT MVM service contact: it-securityhelp@purdue.edu.

Report a Security Incident

If you suspect that your Purdue or personal computer has been compromised, report a Security Incident.

Web Application Vulnerability Scanning

The IT Security Services group performs web application vulnerability scans against web applications before they are placed in production. These scans are performed against internally developed applications or hosted applications before "go-live" to help identify and resolve any major vulnerabilities that exist. The scans can take one day or up to a month to complete depending on the complexity and size of the application.

The scan will check for high risks such as SQL Injection, information leakage, and Cross-Site Scripting vulnerabilities. A high level summary report and a detailed report are provided after the scans are completed. The summary report provides a high-level description of the issues found and their possible causes, while the detailed report provides all that is included in the summary report with more detail and remediation recommendations for each vulnerability found. Typically unauthenticated and authenticated scans are performed against the web application.

For further information regarding web application security please see the Open Web Application Security Project (OWASP) web page located at owasp.org.

To request a scan, please submit the questionnaire via Qualtrics. Contact the Security Officer of your department for the anti-spam token. If you have any questions, please send an email to appsec@lists.purdue.edu.

Steam Purdue Security Team

STEAM is the IT security incident response team at Purdue, which is composed of IT professionals from all University IT departments who share information and offer assistance when IT security incidents occur.

Security Downloads

Access free antivirus and security software. Log in to find the appropriate version for your computer.

Endpoint Protection Service

The ITaP Endpoint service is available to University system administrators. Among other benefits, this service includes reporting capabilities to determine if a department's VirusScan policy is current. For more information about the ITaP ePO service, contact:it-securityhelp@purdue.edu.

Identity and Access Management Services

The Identity Access Management Office (IAMO) coordinates the activities of identity assignment and role-based access across the University, and provides a consistent means of identifying Purdue University constituents and allowing them access to resources while ensuring an individual's privacy.

Filelocker

Filelocker is an open-sourced program created by Purdue University that allows faculty and staff a convenient way to securely share files with other people, both on and off campus.

New IT Software or Services Security Review

Before purchasing new IT software or services, request a Vendor Security Review.

Application Design Review

The application design review is a consulting engagement targeting the software development approach. The focus is preventing security issues before the application is deployed into production.

To request the service:
Send a brief description of the application along with your contact information to appsec@lists.purdue.edu.

Once initiated, these reviews are managed entirely by the IT Purdue Systems Security and Policy group. Any problems or issues will be addressed directly with PSS staff.