...
- Check the “Vulnerability scan schedule” to see what’s on the list for the current month
Copy all the links listed for that month
- In the code, comment out any automatic emails so they won’t get sent.
Check the .htaccess file to make sure that the itsoscan security office can access the sites.
Remove the #(hashtag) in the “CUWA2FARequire CIT-2FA-Exempt” line to allow them to scan with Duo disabled.
Send an email to security-services@cornell.edu requesting a scan.
Please run a security scan on our test sites https://testspi.aad.cornell.edu/ and https://testconnect.aad.cornell.edu/ at your earliest convenience. We have prepared for it by turning off notifications and disabling the automated emails.- Check the reports that come back for any issues more than low-level risk
- When any issues are dealt with save the zipped scan reports on the S-drive and delete them from your computer
...