Web App Scanning

Concerned about the security of your web application?

Web application scanning services are available for ASU owned and operated websites. Submit a scan request in ServiceNow. A developer environment is also available to ASU application developers for self-scanning. To request developer access, please submit a ServiceNow Request.

Please note that all critical applications MUST be scanned regularly according to the Vulnerability Management Security Standard.

All critical applications are required to be listed in the CMDB, and it is highly recommended that all web applications be added to the CMDB. This is a database which is commonly used to find contacts for an application when necessary, identify which applications are critical to university processes, and to identify the flow of sensitive information. For more information please visit the CMDB Management page.

Request Your First Scan

Step 1. Read the application scanning FAQs

Step 2. Allow scanner IP addresses through your firewall

Step 3. Grant normal end-user access to a test user.

     Single Sign-on applications: Use our designated test account

     Standalone applications: Create a test user and provide us the credentials

Step 4. Backup your site. (Scans can be destructive.)

Request a scan