Report only has medium and low level security concerns. see email from ISAM below.
Hello,
Attached you will find the report for the ATLAS assessment. I am quite happy to report that we did not see any high or critical level issues at this time and only a handful of Medium and low level issues that might require some attention as time and resources allow.
We used a combination of tools including Burp Suite, AppScan, and Network scanning tools to help us automatically detect any open ports/services or other issues as well as verify findings as much as possible on our side. Given the restricted nature of the page some tools had limited access such as our TLS scanners. We evaluated three different levels of user access (Unauth, User, Admin), finding admin incorporated most of the findings from the lower scans. I think some possible vulnerable JS components was the largest worry, but this might be vendor restricted. The attached report has much more information included for review, but I understand can be quite daunting in length. Please do not hesitate to reach out with any questions or need for further details. All in all I think you folks are in pretty great shape and can proceed with this project and can probably clean a few of these up for better security as time allows.
Scan report: ATLAS Security Report.pdf
Report only has medium and low level security concerns. see email from ISAM below.
Hello,
Attached you will find the report for the ATLAS assessment. I am quite happy to report that we did not see any high or critical level issues at this time and only a handful of Medium and low level issues that might require some attention as time and resources allow.
We used a combination of tools including Burp Suite, AppScan, and Network scanning tools to help us automatically detect any open ports/services or other issues as well as verify findings as much as possible on our side. Given the restricted nature of the page some tools had limited access such as our TLS scanners. We evaluated three different levels of user access (Unauth, User, Admin), finding admin incorporated most of the findings from the lower scans. I think some possible vulnerable JS components was the largest worry, but this might be vendor restricted. The attached report has much more information included for review, but I understand can be quite daunting in length. Please do not hesitate to reach out with any questions or need for further details. All in all I think you folks are in pretty great shape and can proceed with this project and can probably clean a few of these up for better security as time allows.
Thank You,
Nick Toeniskoetter ISAM - Security Analyst University of Missouri Toeniskoettern@missouri.edu