Skip to main content

Web Application Scan Request

In order to maintain the integrity and security of web application at Sacramento State, the Information Security Office purchased the Acunetix web scan application. This tool can scan your application for a multitude of potential breach points such as SQL Injection, Cross site scripting, Web Security, Directory Traversal, Ajax Application Security, and Google Hacking to name a few.

Please use the request form for all scan requests as the tool can only scan one application at a time. Once the scan request has been received, a member from the Information Security Office will contact you to schedule the scan. The information Office replies to scan request with in two business days.

Scan Request Note

The Acunetix tool is very aggressive and performs a scan similar to an actual attack. It is imperative that the system you are requesting be scanned is a NON production system. The Information Security Office recommends that you application run on a VM as this allows for a snap shot of the configuration to be used to restore the system and application after a scan. If a VM is not available, a recent back up with in 24 hours of the scan must be on file.

If the application requires user accounts to be access, the Information Security Office will need to have account created in order for the application to access the appropriate areas.  Temporary accounts will need to be created in both user and power user roles only so the application can test appropriate security settings.

Requester Information

Note: You must back up you application and system configuration prior to the scan request being approved.

Scan Request Check List

Is there a current back up of the system and application?
Yes No

Can you provide temporary accounts in user or power user roles as applicable?
Yes No

The application being scanned is on test or development system?
Yes No

Please allow two business days for a member of the Information Security Office to contact you to schedule the scan request. Once a team member has contacted you they will ask for the information for the user and power user account. Please do not email the account information to the Information Security Office.