Educause Security Discussion mailing list archives
Re: Security Assessment of iMathAS
From: Shawn Merdinger <shawnmer () GMAIL COM>
Date: Fri, 20 Jan 2017 14:32:05 -0500
Hi Miguel, Have your iMathAS code audit and pentesting results been communicated with the developers? They would likely have some value to add to the results, possible false positives, etc. Cheers, --scm On 1/20/17, Miguel Hernandez <miguel.hernandez () domail maricopa edu> wrote:
Colleagues, Has anyone conducted an assessment of the Internet Mathematics Assessment System (iMathAS) [http://www.imathas.com]? We've conducted both a static code analysis using CheckMarx as well as a penetration test against the app, both with very "interesting" results. For those running iMathAS, how have you secured it? We are willing to share and discuss results with anyone interested privately. [image: eSig Logo] Miguel Hernandez IV, Ph.D. CISSP, CISA Associate Vice Chancellor ITS Chief Information Security Officer 2411 West 14th Street, Tempe AZ 85281 email | miguel.hernandez () domail maricopa edu website | https://www.maricopa.edu *Follow me on Twitter <https://twitter.com/mh4phd>.* This message contains information which may be confidential and/or privileged. If you are not the intended recipient of this message, please notify the sender, delete and do not use or disseminate this information.
Current thread:
- Security Assessment of iMathAS Miguel Hernandez (Jan 20)
- Re: Security Assessment of iMathAS Shawn Merdinger (Jan 20)