Dossier
Strix
Coverage of Strix in the Nexus archive.
- A DOD contractor’s API flaw exposed military course data and service member records
A defense technology company exposed user records and military training materials through API endpoints lacking authorization checks. The issue affected Schemata, a virtual training platform used in military settings, and included sensitive information such as user listings and course information. The vulnerability was disclosed by Strix, an open-source security testing project.
- Securing a DoD Contractor: Finding a Multi-Tenant Authorization Vulnerability
A DoD contractor was found to have a multi-tenant authorization vulnerability by Strix, a startup backed by the Department of Defense. The vulnerability is described as a zero-auth vulnerability. The discovery was made public through an article on the Strix blog.