Zero-day webserver vulnerabilities are a concern for all organizations. They represent a particular challenge for large, decentralized universities, because identifying affected sites can take time. Scanning a university with thousands of webservers among tens of thousands of hosts can take several or more hours to complete, delaying notifications to affected IT units.
For this reason, IA has developed WebStor, software that maintains and constantly refreshes a database of all webservers' responses for an organization. This database can be queried at any time to check for common or even custom fingerprints of webservers with new publicly disclosed vulnerabilities.
WebStor ties together DNS zone data, rapid port scanning with with Masscan, parallel web requests, and fingerprint databases from other widely-used utilities. It refreshes the response database regularly so that queries always give an up-to-date picture aligned with the current state of campus websites.
With WebStor, Information Security professionals can identify all instances of exposed webservers with a zero-day vulnerability in minutes or even seconds and pass the information on to affected server administrators. WebStor will be a difference-maker in reducing exploitations of vulnerable webservers at U-M.