2024 Capris Security Assessment

Scope: Client-Side Infrastructure Security Review & Remediation

Summary: I was engaged by a client to independently validate and expand upon a vulnerability assessment report previously conducted by a third-party contractor. The report focused on seven interconnected web applications, each with unique objectives and security profiles critical to the client’s infrastructure.

Tasks:

  • Review the original vulnerability assessment report
  • Validate findings and assess accuracy
  • Conduct a deeper, independent security audit
  • Identify overlooked vulnerabilities
  • Develop and execute a comprehensive remediation plan
  • Coordinate with the original assessment team for final verification

Actions:

While the third-party report covered surface-level issues, it missed more than a dozen critical vulnerabilities, largely because the assessors were unfamiliar with the underlying CMS technologies (primarily WordPress) and the custom application logic. For example:

  • No enumeration or assessment of vulnerable WordPress plugins
  • No review of insecure custom logic and business workflows
  • Lack of testing around access control and input sanitization

Additionally, I worked directly with the business's internal teams over a multi-week engagement, performing actions such as:

  • Manually validated each finding from the original report and expanded coverage with my own black-box and white-box testing
  • Conducted a CMS-aware audit, discovering misconfigurations, outdated components, and plugin vulnerabilities
  • Reverse-engineered custom application flows to uncover logic flaws and insecure implementations
  • Created a prioritized remediation gameplan, balancing business risk and development effort
  • Remediated vulnerabilities directly by patching code, hardening server configurations, and removing insecure plugins
  • Worked with the original assessment vendor to verify that all issues had been mitigated to their satisfaction

Results:

All sites were successfully hardened, patched, and revalidated, significantly improving the client's security posture. This engagement emphasized my ability to critically evaluate third-party assessments, identify gaps, and provide end-to-end remediation and coordination with multiple stakeholders. The third-party security auditing team confirmed and validated the remediation and controls I implemented, concluding the engagement.
