Enterprise Security

Web Application Security Assessments (WASAs) are an in-depth penetration test for common vulnerabilities, such as SQL Injection, Authorization Bypass and Cross-Site Scripting (CSS). Depending on the size of the application, WASAs can take an estimated five business days to complete the initial assessment. WASAs cannot be started until the EAS team receives a completed questionnaire, with working test accounts and a full directory listing.

Note: Please ensure that all URLs and test accounts work before submitting the questionnaire.

The VA Network and Security Operations Center (NSOC) support team performs monthly vulnerability scans for the entire VA enterprise as well as vulnerability and compliance scanning of facilities in advance of Office of Inspector General visits. In the event that an ad-hoc or supplemental scan is required to assess a more specific network environment (for example, a facility within a larger campus, all targets related to a GSS or major application, etc.) a supplemental scan request is required in order to coordinate the scan with CSS.

Supplemental Scan Request.pdf

(The scan request is available to JIRA account holders only.)