Vulnerability Assessments

For years, the University of Cincinnati has been building its arsenal in the war to keep our information safe – our computers and our networks protected. There are many tools that our dedicated IT personnel may use to help improve the information security posture at UC. Among these are two enterprise vulnerability scanning tools owned by UC: Hailstorm and QualysGuard.

These vulnerability scanning tools are designed to test systems and applications for weaknesses. They are constantly being updated to mitigate the latest hacker tricks and computer/network exploits and they use this information to run up-to-date security tests on designated systems.

Hailstorm is a risk-management tool specializing in application security. It helps to provide a thorough understanding of application security flaws and what it will take to eliminate them. In the wake of many information losses across U.S. industry, including a number of highly-publicized SQL injection attacks, we strongly recommend that all web application owners contact us to run a security scan. Taking action on the recommendations made by a Hailstorm scan will help to minimize the risk that the affected application may be leaving information or systems open to exploitation.

QualysGuard is a sophisticated enterprise vulnerability assessment, policy compliance and remediation management tool that provides an extensive built-in database with the latest CVE vulnerability definitions. It can run numerous vulnerability checks against thousands of devices to provide coverage of web applications, databases, operating systems, network devices and other hardware/software. QualysGuard not only provides detailed information on what vulnerabilities exist within a system, but also includes step-by-step solution guide to solve those problems.

The UCIT Office of Information Security (UCIT OIS) offers vulnerability scanning as a free service to any system or application owner at UC. You will receive a detailed report that outlays any significant vulnerability found and how to fix it. We strongly encourage everyone that owns a computer or application accessible from the web to contact us and schedule a scan. Contact the UCIT OIS at vulnscanning@uc.edu or 513-558-ISEC (4732) to request a vulnerability scan.

  • University of Cincinnati UCIT Office of Information Security
  • University Hall
  • 51 Goodman Drive
  • Cincinnati, OH 45221