2013-07-30

Oakland University needed to protect its web applications from security flaws, programming errors and other threats. It needed a solution that was compatible with its existing security audit tools and a variety of web development frameworks. The university chose Netsparker Web Application Security Scanner, a market-leading solution that continuously scans and protects web applications from the rising threat of malicious attacks.

Safeguarding the university’s web applications from attack

Oakland University is a highly respected public university in Oakland County, Michigan. It has nearly 20,000 students and runs an extensive range of bachelors and undergraduate programs, offering professional, masters and doctoral degrees. It is the only major research university in Oakland County, supporting major research institutions including the Center for Biomedical Research, the Center for Robotics and the renowned Eye Research Institution.

The Oakland University William Beaumont School of Medicine is a collaborative, diverse, inclusive, and technologically advanced learning community, dedicated to enabling students to become skillful, ethical, and compassionate physicians, inquisitive scientists who are invested in the scholarship of discovery, and dynamic and effective medical educators.

The university has a number of websites and web applications used daily by university staff and students. These include student portals, faculty web applications and Oakland University’s official websites. They provide core services vital to the university’s daily running. If they were hacked or went down due to a programming error or malicious attack, confidential information could be at risk of being lost or stolen. A systems failure would also impact staff and students who rely on the university’s online services to manage their daily lives.

Dan Fryer, a Senior Windows System Engineer, and Dennis Bolton, a Network Security Analyst, are responsible for managing the security of the university’s web servers. These servers host websites and web applications built in multiple web development frameworks, including Java, PHP, .NET, Ruby, Perl and Python, which run on both IIS and Apache Tomcat web server technology.

Fryer and Bolton needed a web application security solution that could be set up and left to automatically scan for web application vulnerabilities. With an already heavy workload, they needed a solution that would be quick and easy to manage. It also needed to be compatible with the university’s multiple web development frameworks and its existing security audit tools. The Netsparker Web Application Security Scanner ticked all the boxes.

Web Application Security Solution

After assessing the available options, Fryer and Bolton decided to use Netsparker, the only false-positive-free web application security scanner on the market. It has a built-in exploitation engine that confirms vulnerabilities, and it can be set up to automatically test all the university’s web applications for flaws that leave them exposed to hackers.

With full support for AJAX and JavaScript, Netsparker is fully compatible with all the university’s web development technologies. It is also fully up-to-date on all the latest potential security flaws and vulnerabilities that can be exploited by hackers.

“Since the university’s web applications are frequently changing to adapt to the students’ and university’s needs and because malicious attacks are becoming more sophisticated, it is important that we keep on scanning all of them frequently for the latest type of security threats to ensure that no vulnerabilities are left undetected,” said Fryer. “We chose Netsparker because it is more tailored to web application security and has features that allow the university to augment its web application security needs.”

Fryer now uses Netsparker Web Application Security Scanner to run monthly scans and also to do web application security checks on demand. Once a scan is complete, reports on confirmed flaws and vulnerabilities are generated in PDF or XML format. These are handed to the university’s IT security team (on which Bolton serves) for analysis and to advise on fixes. The IT team then rescans all of the university’s web applications to confirm that reported vulnerabilities are fixed and the university’s web applications are secure.

A ‘hands-off’ solution that saves time and offers reassurance that web applications are secure

Checking for and eliminating web application security threats can be a very time-consuming and repetitive task. Netsparker, however, provides Oakland University’s IT team with a host of user-friendly features that make the process quick and easy to manage.

Scans are scheduled and left to run automatically, while its at-a-glance reporting and actionable insights ensure the university’s IT team knows exactly what to do. There is no time wasted checking for web application vulnerabilities manually or having to figure out a solution. All the information is provided for them. This has enabled the university’s IT team to gain more time to focus on other tasks and gain the reassurance of knowing the university’s web applications are secure and free from vulnerabilities at all times.

“We chose Netsparker since it is very easy to use. It helped our team increase the visibility into the security of our web applications,” explained Fryer.

About Oakland University

Oakland University is a top-rated academic institution in southeast Michigan offering 132 bachelor’s degree programs and 124 graduate degree and certificate programs. As a state-supported institution of higher education, Oakland University has a three-fold mission: It offers instructional programs of high quality that lead to degrees at the baccalaureate, master’s and doctoral levels, as well as programs in continuing education; it advances knowledge and promotes the arts through research, scholarship, and creative activity; and it renders significant public service. In all its activities, the university strives to exemplify educational leadership in a diverse and inclusive environment.

About Netsparker

Netsparker is an industry-leading automated web application security scanner developed by Netsparker. Netsparker management and engineers have more than a decade of experience in the web application security industry that is reflected in their product, Netsparker. Netsparker is a very easy-to-use web application security scanner that automates most of the web application security scanning. Since an out-of-the-box installation of Netsparker is able to scan a wide variety of web applications, web security experts, penetration testers and QA people do not need to spend countless hours tweaking and configuring the security scanner. Netsparker is revolutionising web application security by being the only web application security scanner to automatically verify detected web vulnerabilities, thus reporting no false positives.

About Netsparker

Netsparker is a young and enthusiastic UK-based company. Netsparker is focused on developing a single web security product: the false-positive-free Netsparker Web Application Security Scanner. Founded in 2009, Netsparker is one of the leading web application security scanners and is used by world-renowned companies such as Samsung, NASA, Skype, ING and Ernst & Young.
