When your task is to set up and request a Security Scan for any of the Non-WordPress sites.
Scans happen every month except November
Web Dev Schedule https://docs.google.com/spreadsheets/d/1Ol1rg1LZ6FjlFvz8ViCSg83pBb-5sShzuyxmc_Hg_oU/edit#gid=0
Vulnerability scan schedule https://docs.google.com/spreadsheets/d/1ABb68I7LHtG2fIh2CiMAMC_L45QUVfqP0bJfqkqW0NM/edit#gid=0
Security Scans archive: https://cornell.box.com/s/jeekdk83wpvrwe9daeu3aniyvlg9v70s
Copy all the links listed for that month
Check the .htaccess file to make sure that the itsoscan security office can access the sites.
Remove the #(hashtag) in the “require shib-attr uid itsoscan” line to allow them to scan with Duo disabled.
Send an email to security-services@cornell.edu requesting a scan.
Please run a security scan on our test sites https://testspi.aad.cornell.edu/ and https://testconnect.aad.cornell.edu/ at your earliest convenience. We have prepared for it by confirming that “itsoscan” has permission, turning off notifications and disabling the automated emails.
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
|