Security Scanning Tools

To reduce IT security risks and supplement existing security practices, the Office of Cybersecurity periodically conducts vulnerability scans on campus computers to search for well-known, high-risk exposures. The Office of Cybersecurity can perform both host-based and web application scanning. You can also use our web-based service to submit basic vulnerability scans against your machines and have the scans sent back via email.

User Scanning/Self-Compliance Tools

Watchfire AppScan (Valid UW System ID Required)
The Web Application Vulnerability Scan service allows administrators to scan their web servers for common vulnerabilities, e.g. cross-site scripting, SQL injection, etc., and have a report of any found issues sent to their email address. The scan engine used is Watchfire’s AppScan with a default configuration.

Other Scanning Information

Centralized Campus Scanning
This applies to all computers connected to the University campus network, including but not limited to those located in the residence halls, as well as remote computers accessing the UW-Madison network through WiscWorld dial-in, DoIT DSL or DoIT cable modem service.

Microsoft Baseline Security Analyzer

Office of Cybersecurity/DoIT Scanning IPs