For those less familiar with Discourse, it is an advanced discussion platform (if it helps, you can think of it as a web forum on steroids). Discourse is used extensively across thousands of organisations. A few of the many customers of Discourse include:
- Cisco
- GitHub
- Ubuntu
- Docker
- Bloomberg
- ….
We performed penetration testing on the Discourse discussion platform and identified 8 vulnerabilities: 7 high-impact vulnerabilities and 1 low-impact vulnerability. Once we reported the vulnerabilities, Discourse took immediate action to address them and improve the security of the platform. Normally, for confidentiality reasons, we don't disclose any penetration testing activities; thankfully, Discourse is open source, which allows us to share a good penetration testing story.
Discourse has provided their thanks for our help in improving their security:
"Huge thanks to Vertex Technologies"
http://blog.discourse.org/2016/08/discourse-1-6-released/
We are glad we were able to improve the security of such a great open source product!