Elected Security Services

​Elected Security Services Offered by DIR

The following three services are available at no cost, but organizations must specifically request them (note that Controlled Penetration Testing is not currently available to institutions of higher learning or local governments):

Controlled Penetration Testing (CPT)

Web Application Vulnerability Scanning (WAVS)

Vulnerability Scan

Controlled Penetration Testing. A CPT evaluates network and system vulnerabilities that are susceptible to attack from possibly malicious sources and analyzes system configurations, web applications, and technical weaknesses. A CPT:

  • Evaluates network security from attacker's perspective red lock signifying secure data
  • Identifies at-risk confidential or sensitive data
  • Verifies and attempts to exploit actual security vulnerabilities
  • Determines network's vulnerability to attack
  • Provides suggested countermeasures to prevent intrusion or data loss
  • Assists business impact analysis
  • Documents findings and delivers a custom report identifying vulnerabilities and describing successful exploits

This service is available at no cost to Texas state agencies. It is not currently available to institutions of higher education or local governments.

For more information about Controlled Penetration Testing, visit CPT FAQs

To order, contact DIR at dirsecurity@dir.texas.gov.

Web Application Vulnerability Scanning (WAVS). This test measures web application security against industry standard vulnerabilities including Open Web Application Security Project (OWASP) Top 10, SANS Top 20, and Web Application Security Consortium (WASC) standards.

DIR scans for all common web application vulnerabilities, including those identified in the WASC threat classification, such as SQL Injection, Cross-site Scripting, and Buffer Overflow. A detailed report is provided.

This service is available at no cost to Texas state agencies and institutions of higher education. To order, contact DIR at dirsecurity@dir.texas.gov.

Vulnerability Scan. A Vulnerability Scan is comprised of one web application vulnerability scan (WAVS) and four quarterly scans. DIR attempts to identify security vulnerabilities on all discoverable devices and hosts within the specified network range. Detailed reports are provided.

This service is available at no cost to Texas state agencies and institutions of higher education.

To order, contact DIR at dirsecurity@dir.texas.gov.