Improving security through Penetration Testing for Discourse


For those less familiar with Discourse, it is an advanced discussion platform (if it helps, you can think of it as a web forum on steroids). Discourse is used extensively across thousands of organisations. A few of the many customers of Discourse include:

  • Twitter
  • Cisco
  • GitHub
  • Ubuntu
  • Docker
  • Bloomberg
  • ….

We performed penetration testing on the Discourse discussion platform and identified 8 vulnerabilities, including 7 high-impact vulnerabilities and 1 low-impact vulnerability. Once we identified the vulnerabilities, Discourse took action to address them and improve the security of Discourse. Normally, for confidentiality reasons, we don’t disclose any penetration testing activities; thankfully, however, Discourse is transparent, which allows us to share a good penetration testing story.

Discourse has provided their thanks for our help in improving their security:

“Huge thanks to Vertex Technologies

http://blog.discourse.org/2016/08/discourse-1-6-released/

 

We are glad we were able to improve the security of such a great open source product!