Web Application Scan Request
In order to maintain the integrity and security of web application at Sacramento State, the Information Security Office purchased the Acunetix web scan application. This tool can scan your application for a multitude of potential breach points such as SQL Injection, Cross site scripting, Web Security, Directory Traversal, Ajax Application Security, and Google Hacking to name a few.
Please use the request form for all scan requests as the tool can only scan one application at a time. Once the scan request has been received, a member from the Information Security Office will contact you to schedule the scan. The information Office replies to scan request with in two business days.
Scan Request Note
The Acunetix tool is very aggressive and performs a scan similar to an actual attack. It is imperative that the system you are requesting be scanned is a NON production system. The Information Security Office recommends that you application run on a VM as this allows for a snap shot of the configuration to be used to restore the system and application after a scan. If a VM is not available, a recent back up with in 24 hours of the scan must be on file.
If the application requires user accounts to be access, the Information Security Office will need to have account created in order for the application to access the appropriate areas. Temporary accounts will need to be created in both user and power user roles only so the application can test appropriate security settings.