Joomla! FLEXIcontent – Incorrect Authorization

During a Dynamic Application Security Test (DAST) in 2016, OpenSky identified a previously unknown security vulnerability (0-day) in FLEXIcontent v3.0.13 (http://www.flexicontent.org), a popular open source plugin for the Joomla! Content Management System (CMS). OpenSky notified the author of the plugin…


Use Security Assessments in the Right Order to Prioritize Cyber Security Program Investment Decisions to Materially Increase the Return on that Investment

Organizations, whether driven by external regulations or internal policies, have traditionally relied on an uncoordinated mix of information security assessments that has left practitioners describing risk in the language of missing controls. This ‘missing controls’ view naturally leads organizations to…
