Web application scans at CERN

The CERN Computer Security Team regularly scans all Web sites and Web applications at CERN that are visible on the Internet or on the General Purpose Network (office network), using the Google tool "Skipfish". The goal of this scanning is to improve the quality of CERN Web sites by finding and correcting potential security vulnerabilities before they get exploited by malicious people. All deficits found will be reported by e-mail to the relevant Web site owners, and must be fixed in a timely manner.

Web site owners may also request one-off scans of their Web site or Web application, by sending an e-mail to Computer.Security@cern.ch.

These Web scans are designed to limit the impact on the scanned Web sites. Nevertheless, in very rare cases scans may cause undesired side effects, e.g. generate a large number of log entries, or cause particularly badly designed or less robust Web applications to crash. If a Web site is affected by these security scans, it will also be susceptible to any more aggressive scan that a malicious attacker can perform at any time. Such Web applications should be fixed, and additionally protected (e.g. by restricting their visibility).

Any questions or comments regarding Web scanning should be addressed to Computer.Security@cern.ch.