To reduce IT security risks and supplement existing security practices, IT Security periodically conducts vulnerability scans on campus computers to search for well-known, high-risk exposures. The Office of Cybersecurity can perform both host-based and web application scanning. You can also use our web-based service to submit basic vulnerability scans against your machines and have the scans sent back via email.
- Scan Your Own Computer with Nessus (Valid UW System ID Required)
Nessus is an open source vulnerability scanner used by organizations world-wide. DoIT provides a web interface to Nessus scanning software that UW System can use to run basic vulnerability scans against their machines and have the scans sent back via email. The scan will inform you of the number of security holes, warnings and notes found on your computer, among other things.
Simply click on the link above, and enter the requested information. If you don’t know your IP address, and have Windows, click the lower left Start button, then Choose Run. Enter "cmd." At the C:\> prompt, enter "ipconfig" and hit enter. This will provide you with your IP address.
- Watchfire AppScan (Valid UW System ID Required)
The Web Application Vulnerability Scan service allows administrators to scan their web servers for common vulnerabilities, e.g. cross-site scripting, SQL injection, etc., and have a report of any found issues sent to their email address. The scan engine used is Watchfire's AppScan with a default configuration.
- Centralized Campus Scanning
This applies to all computers connected to the University campus network, including but not limited to those located in the residence halls, as well as remote computers accessing the UW-Madison network through WiscWorld dial-in, DoIT DSL or DoIT cable modem service.