
Follow this procedure when your task is to set up and request a security scan for any of the non-WordPress sites.

Scans happen every month except November.

 

Web Dev Schedule: https://docs.google.com/spreadsheets/d/1Ol1rg1LZ6FjlFvz8ViCSg83pBb-5sShzuyxmc_Hg_oU/edit#gid=0

Vulnerability scan schedule: https://docs.google.com/spreadsheets/d/1ABb68I7LHtG2fIh2CiMAMC_L45QUVfqP0bJfqkqW0NM/edit#gid=0

  1. Check the “Vulnerability scan schedule” to see what’s on the list for the current month.
  2. Copy all the links listed for that month.

  3. In the code, comment out any automatic emails so they won’t get sent.

  4. Check the .htaccess file to make sure that the itsoscan security office can access the sites.
    Remove the # (hash) at the start of the “CUWA2FARequire CIT-2FA-Exempt” line to allow them to scan with Duo disabled.



  5. Send an email to security-services@cornell.edu requesting a scan.

    Please run a security scan on our test sites https://testspi.aad.cornell.edu/ and https://testconnect.aad.cornell.edu/ at your earliest convenience. We have prepared for it by turning off notifications and disabling the automated emails.

  6. Check the reports that come back for any issues rated above low-level risk.

  7. Once any issues have been dealt with, save the zipped scan reports on the S-drive and delete them from your computer.
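
A quick way to confirm step 4 on each site before sending the request in step 5. This is an added example, not part of the original procedure; it assumes the directive appears in each .htaccess exactly as quoted in step 4, and the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: pre-scan check for the directive named in step 4.
# Prints one of: active | commented | missing | unreadable
exemption_state() {
    file=$1
    pat='CUWA2FARequire[[:space:]]+CIT-2FA-Exempt'
    if [ ! -r "$file" ]; then
        echo unreadable
    elif grep -Eiq "^[[:space:]]*$pat" "$file"; then
        # Directive present with no leading '#': the scanner exemption is on.
        echo active
    elif grep -Eiq "^[[:space:]]*#+[[:space:]]*$pat" "$file"; then
        # Line exists but is still commented out.
        echo commented
    else
        echo missing
    fi
}

# Report every file given; return 0 only if all are ready for the scan.
check_sites() {
    rc=0
    for f in "$@"; do
        state=$(exemption_state "$f")
        printf '%s: %s\n' "$f" "$state"
        [ "$state" = active ] || rc=1
    done
    return "$rc"
}

# Demo on constructed files (not real site configuration).
demo=$(mktemp -d)
printf '%s\n' 'Options -Indexes' '#CUWA2FARequire CIT-2FA-Exempt' > "$demo/todo"
printf '%s\n' 'Options -Indexes' '  CUWA2FARequire CIT-2FA-Exempt' > "$demo/ready"
check_sites "$demo/todo" "$demo/ready" || echo "not every site is ready"
rm -rf "$demo"
```

Call `check_sites` with the path to each site's .htaccess; any state other than `active` means the scan would still hit the Duo prompt on that site.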
