In a world where “web-enabled” is the order of the day, the ability to perform automated technical security assessments of applications that hold Tufts most critical and sensitive data is a necessity. To address this security challenge, UIT Information Security researched, evaluated, and chose AppScan, an application vulnerability scanning tool that both prevents and detects by allowing UIT IS to quickly and cost-effectively assess web-based business applications and services developed by commercial vendors, business partners, outsourcing firms, and Tufts' in-house development teams for security concerns.
AppScan, in conjunction with UIT's current assessment services, supplements traditional quality assurance efforts by proactively finding problems early in the development cycle when they are less expensive to fix and less vulnerable to external exploits, such as identity theft and financial fraud. This innovative service complements UIT's security consulting services and blends together with current network based (IDS) protection efforts and anti-virus efforts to provide more secure and robust operations. A significant benefit to this approach is the ability to provide basic metrics to identify common themes across Tufts, helping UIT IS to measure patterns and continuous improvement over time.