As part of the campus Cybersafety policy, all publicly facing web applications must be scanned for vulnerabilities. This is particularly important if the web application stores any Personal Identity Information (PII). Setting up an environment for web development that includes the necessary infrastructure for proper vulnerability scanning can be a daunting activity. If you are embarking on a web application, contact IT Shared Services to consult on the process as it is much less expensive to set up the environment at the outset.
The particular technology that the campus uses is a tool called AppScan from IBM. General information about this offering can be found here: http://security.ucdavis.edu/appsecurity.html