Cybersecurity in UCSC genome browser mirror


Vasundhara Anbalagan

Dec 2, 2025, 2:40:55 PM (11 days ago) Dec 2
to Hiram Clawson, Maximilian Haeussler, Clay Fischer, gen...@soe.ucsc.edu, DL HPCOps
Hi Team, 

We are performing an audit of the Regeneron UCSC Genome Browser (RUGB) and, for the same, we need clarification on the below cybersecurity-related questions at the application level:
  • Are persistent cookies or cookies that store credentials in plaintext used?
  • Is there an application management process used to regularly update the solution's code to remediate security vulnerabilities?
  • Does the application use an API?
It would be great if we were provided with answers for the same. Do let me know in case of any questions. 
Regards,
Vasundhara A
 

Regeneron - Internal
********************************************************************
This e-mail and any attachment hereto, is intended only for use by the addressee(s) named above and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, any dissemination, distribution or copying of this email, or any attachment hereto, is strictly prohibited. If you receive this email in error please immediately notify me by return electronic mail and permanently delete this email and any attachment hereto, any copy of this e-mail and of any such attachment, and any printout thereof. Finally, please note that only authorized representatives of Regeneron Pharmaceuticals, Inc. have the power and authority to enter into business dealings with any third party.
********************************************************************

Matthew Speir

Dec 7, 2025, 4:26:41 PM (5 days ago) Dec 7
to Vasundhara Anbalagan, Hiram Clawson, Maximilian Haeussler, Clay Fischer, gen...@soe.ucsc.edu, DL HPCOps
Hello, Vasundhara.

Thank you for your questions.

Are persistent cookies or cookies that store credentials in plaintext used?

While we do use persistent cookies, they do not store credentials in plaintext.


Is there an application management process used to regularly update the solution's code to remediate security vulnerabilities?

One of our engineers shares: UCSC IT regularly scans all UCSC websites, including ours, and has occasionally found little bugs like HTML/JS injection that we have then addressed in our code. We have code that defends against SQL injection queries and use a nonce in script tags to make sure that JavaScript that is added to the page later can't execute.

Is this what you're referring to? If not, please provide more details to clarify your question.


Does the application use an API?

Can you be more specific about what you mean by "API" in this context? Are you asking about external websites' APIs, or if our web pages send AJAX requests to our servers, or something else?

If you have any further questions, please reply to gen...@soe.ucsc.edu. All messages sent to that address are archived on a publicly-accessible Google Groups forum. If your question includes sensitive data, you may send it instead to genom...@soe.ucsc.edu.


---

Matthew Speir

UCSC Genome Browser, User Support


--

---
You received this message because you are subscribed to the Google Groups "UCSC Genome Browser Public Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to genome+un...@soe.ucsc.edu.
To view this discussion visit https://groups.google.com/a/soe.ucsc.edu/d/msgid/genome/DS0PR20MB653683C8FC20C8FDD53DE6119ED8A%40DS0PR20MB6536.namprd20.prod.outlook.com.
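The reply above names two application-level defences: a per-response nonce on script tags and code that defends against SQL injection. The following is an added illustration written for this thread, not code from the UCSC Genome Browser or from UCSC; the policy string, the page markup, the function names and the gene table with its coordinates are all assumptions constructed for the example. It shows a fresh CSP nonce being issued per response, a simulated browser check in which only the page's own script (which carries the nonce) is allowed to run while a script that lands in the page later is blocked, and a bound-parameter query in which a crafted name value never alters the SQL.

```python
import base64
import hmac
import html
import re
import secrets
import sqlite3

# --- Per-response CSP nonce for script tags (assumed policy, not UCSC's) ---

def make_nonce() -> str:
    """Fresh 128-bit random nonce, base64 encoded; issue one per HTTP response."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")

def csp_header(nonce: str) -> str:
    """Content-Security-Policy value: only <script> tags carrying this nonce run."""
    return f"script-src 'nonce-{nonce}'; object-src 'none'"

def render_page(nonce: str, user_text: str, escape_user_text: bool = True) -> str:
    """Render a page whose own script carries the nonce and embeds user text.
    escape_user_text=False simulates a missed escaping bug, i.e. the injection
    case the nonce is there to contain. Markup is constructed for the example."""
    body = html.escape(user_text) if escape_user_text else user_text
    return (f'<script nonce="{nonce}">initBrowser();</script>\n'
            f'<div id="user">{body}</div>')

_SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
_NONCE_ATTR = re.compile(r'\bnonce="([^"]*)"')

def scripts_allowed(page: str, policy_nonce: str) -> list:
    """Simulate the browser's CSP decision: one bool per <script> tag, in document
    order. A tag may execute only if its nonce attribute equals the policy nonce."""
    verdicts = []
    for tag in _SCRIPT_TAG.finditer(page):
        attr = _NONCE_ATTR.search(tag.group(1))
        ok = (attr is not None
              and attr.group(1).isascii()
              and hmac.compare_digest(attr.group(1), policy_nonce))
        verdicts.append(ok)
    return verdicts

# --- Parameterised queries against a constructed gene table ---

def make_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed names and coordinates (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE genes (name TEXT, chrom TEXT, chromStart INTEGER, chromEnd INTEGER)"
    )
    conn.executemany("INSERT INTO genes VALUES (?, ?, ?, ?)", [
        ("GENEA", "chr1", 100, 200),
        ("GENEB", "chr2", 300, 400),
    ])
    return conn

def lookup_by_name(conn: sqlite3.Connection, name: str) -> list:
    """Bound parameter: the user value is passed to the driver, never spliced into
    the SQL text, so quote characters in it cannot change the query."""
    return conn.execute(
        "SELECT chrom, chromStart, chromEnd FROM genes WHERE name = ?", (name,)
    ).fetchall()

if __name__ == "__main__":
    nonce = make_nonce()
    print("Content-Security-Policy:", csp_header(nonce))
    injected = "<script>injected()</script>"
    print("escaping missed  :", scripts_allowed(render_page(nonce, injected, False), nonce))
    print("escaping present :", scripts_allowed(render_page(nonce, injected), nonce))
    conn = make_demo_db()
    print("normal lookup    :", lookup_by_name(conn, "GENEA"))
    print("crafted lookup   :", lookup_by_name(conn, "x' OR '1'='1"))
```

The two layers are complementary: output escaping keeps user text from becoming a script tag at all, and the nonce means that even when escaping is missed somewhere, a script that reaches the page without the per-response nonce still does not execute. The nonce must be unpredictable and regenerated for every response; reusing one would let a copy of it be planted alongside the injected script.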

Vasundhara Anbalagan

Dec 8, 2025, 9:37:15 PM (4 days ago) Dec 8
to Matthew Speir, Hiram Clawson, Maximilian Haeussler, Clay Fischer, gen...@soe.ucsc.edu, DL HPCOps
Hi Matthew, 

Thanks for the updates. 

Regarding the API, I want to know whether the mirror uses an API and, if so, whether it uses HTTP Basic Authentication or OAuth v1 for authenticating users or applications.
In addition to this, we would also like to check if the TileDB and GenomicsDB utilities are used in the UCSC Genome Browser mirror and, if not, what the possibilities of integrating them are. 
It would be great if we were provided with answers for the same. Do let me know in case of any questions. 
Regards,
Vasundhara A

From: Matthew Speir <msp...@ucsc.edu>
Sent: Monday, December 8, 2025 2:56 AM
To: Vasundhara Anbalagan <vasundhara...@regeneron.com>
Cc: Hiram Clawson <hi...@soe.ucsc.edu>; Maximilian Haeussler <mhae...@ucsc.edu>; Clay Fischer <clayf...@ucsc.edu>; gen...@soe.ucsc.edu <gen...@soe.ucsc.edu>; DL HPCOps <HPC-Ope...@regeneron.com>
Subject: [External] Re: [genome] Cybersecurity in UCSC genome browser mirror


Maximilian Haeussler

Dec 11, 2025, 10:27:55 AM (2 days ago) Dec 11
to Vasundhara Anbalagan, Matthew Speir, Hiram Clawson, Clay Fischer, gen...@soe.ucsc.edu, DL HPCOps
> Just a follow up! Regarding the API, I want to know whether the mirror uses an API and, if so, whether it uses HTTP Basic Authentication or OAuth v1
> for authenticating users or applications. For what processes are the APIs used, and how are they managed?
The API does not authenticate users. It only has public data access functions. 
> In addition to this, we would also like to check if the TileDB and GenomicsDB utilities are used in the UCSC Genome Browser
> mirror and, if not, what the possibilities of integrating them are. 
No. We don't use these file formats. We can look into a converter, but these formats are not ideal for interactive visualisations that we produce. It would be great if you could put us in touch with the user who requested these, as it would be good to get some context, because the fact that this is coming up suggests to me that someone doesn't know our "track hub" feature.
best
Max

Vasundhara Anbalagan

Dec 11, 2025, 11:52:27 AM (2 days ago) Dec 11
to Matthew Speir, Hiram Clawson, Maximilian Haeussler, Clay Fischer, gen...@soe.ucsc.edu, DL HPCOps
Hi Matthew, 

Thanks for the updates. 

Just a follow up! Regarding the API, I want to know whether the mirror uses an API and, if so, whether it uses HTTP Basic Authentication or OAuth v1 for authenticating users or applications. For what processes are the APIs used, and how are they managed? 
In addition to this, we would also like to check if the TileDB and GenomicsDB utilities are used in the UCSC Genome Browser mirror and, if not, what the possibilities of integrating them are. 
It would be great if we were provided with answers for the same. Do let me know in case of any questions. 
Regards,
Vasundhara A

From: Vasundhara Anbalagan <vasundhara...@regeneron.com>
Sent: Tuesday, December 9, 2025 3:43 AM
To: Matthew Speir <msp...@ucsc.edu>
Cc: Hiram Clawson <hi...@soe.ucsc.edu>; Maximilian Haeussler <mhae...@ucsc.edu>; Clay Fischer <clayf...@ucsc.edu>; gen...@soe.ucsc.edu <gen...@soe.ucsc.edu>; DL HPCOps <HPC-Ope...@regeneron.com>
Subject: Re: [External] Re: [genome] Cybersecurity in UCSC genome browser mirror
