Re: Security Assessment of iMathAS

[Shawn Merdinger <shawnmer () GMAIL COM>]

Hi Miguel,

Have your iMathAS code audit and pentesting results been communicated
with the developers?

They would likely have some value to add to the results, possible
false positives, etc.

Cheers,
--scm


On 1/20/17, Miguel Hernandez <miguel.hernandez () domail maricopa edu> wrote:
> Colleagues,
>
> Has anyone conducted an assessment of the Internet Mathematics Assessment
> System (iMathAS) [http://www.imathas.com]?  We've conducted both a static
> code analysis using CheckMarx as well as a penetration test against the
> app, both with very "interesting" results.  For those running iMathAS, how
> have you secured it?  We are willing to share and discuss results with
> anyone interested privately.
>
>
> [image: eSig Logo]
> Miguel Hernandez IV, Ph.D. CISSP, CISA
> Associate Vice Chancellor ITS
> Chief Information Security Officer
> 2411 West 14th Street, Tempe AZ 85281
> email | miguel.hernandez () domail maricopa edu
> website | https://www.maricopa.edu
> *Follow me on Twitter <https://twitter.com/mh4phd>.*
>
> This message contains information which may be confidential and/or
> privileged. If you are not the intended recipient of this message, please
> notify the sender, delete and do not use or disseminate this information.