Securus Global was recently engaged by Instructure to test the Canvas LMS product for security vulnerabilities and the results were surprising. Overall, 10 vulnerabilities were found in the risk assessment, of which one was marked as critical and another one as high risk. By having an independent observer review the Canvas product, they were able to find vulnerabilities that had previously gone undetected by Instructure’s internal developers. Furthermore, by having this testing done in a public manner, The Canvas LMS is now far more secure than what it was previously.
Here is an excerpt from the article published in e-Literate:
When talking to Instructure staff, they appeared to be surprised by the existence of the critical item, given their history of internal security audits and automated testing. In other words, Securus Global found vulnerabilities that Instructure has been unable to find. As Josh Coates, CEO of Instructure, related to me, it is a classic engineering case that having another set of eyes look at your system will inevitably find issues that the developers may miss – if you are too close to the problem, you often can’t see the issue.
To read the full article visit: http://mfeldstein.com/analysis-of-instructure-security-testing/