Arizona’s UniversitiesInformation Technology SecurityREPORT Universities' Web-HIGHLIGHTS based applications arePERFORMANCE AUDITvulnerableSubjectSerious security weaknesses exist inInformation technology(IT) security practices at Arizona State University’s (ASU), theArizona's three University of Arizona’s (UA), and Northernuniversities are important Arizona University’s (NAU) Web-basedto protect the large applications, which may allowamount of sensitive dataunauthorized persons to obtain, modify,stored on theiror delete sensitive data.computers. Such datacan include social• Manipulate records—In two otherWeb-bbased applications—A Web-basedsecurity numbers, creditapplications, we were able to exploit aapplication is a software program orcard numbers, and otherweakness that would have allowed us topersonal, financial, and system that allows a user to perform atake over a large number of user accountseducational information transaction, such as register for classesfor more than 145,000 and change information.or purchase a parking permit, over thestudents, faculty, andInternet. • Attack and affect other users' computers—staff.In several of the six applications, auditorsArizona's universities make extensive use identified flaws that attackers often use toOur Conclusionof Web-based applications for such take over user accounts and installThe universities’ Web- services as student admissions, financial malicious software.based applications are aid, ...
Voir