Stix

Christopher Rasch-Olsen Raa

CEO

As part of our ongoing security efforts, we’ve engaged external experts, River Security, to assess our security posture. They specialize in offensive security, or “Red Team” activities, and we affectionately refer to them as “kind bandits.”

The exercise aimed to uncover:

  • Unknown attack surfaces and vulnerabilities
  • Potential information leaks
  • Opportunities to enhance security

Results:

  • 10 domains, 89 subdomains, and 87 applications reviewed
  • Some third-party apps needed upgrading
  • Internal tools unnecessarily accessible online
  • Vulnerabilities to “User Enumeration Attack” identified
  • Incomplete security headers (CSP, HSTS, SPF, DKIM, DMARC) for some domains

No critical vulnerabilities or data leaks were found. One medium-severity item required a simple upgrade, while the rest were low-severity “hygiene points.”

Having an external perspective is invaluable. River Security’s professionalism, attention to detail, and well-executed process impressed us. Security is paramount, and partnering with experts like River Security reaffirms our commitment to safeguarding services and users.

External expertise is crucial in areas where we lack proficiency. River Security’s work provided assurance and a reminder of the perpetual need for improvement. Read full article here: https://stix.no/fokus-pa-sikkerhet/