To the entire #infosec and reverse engineering community.

There has been a huge issue concerning @ExamSoft and their website and application security over the past few weeks.

I welcome any and all of you to please take a look at this and evaluate it.

It appears concerning. https://twitter.com/ExamSoft/status/1311321042980425728
I have received several messages from many concerned people attempting to use the platform to take their tests.

I have also attempted to reach their security team to no avail.
Let me show everyone a serious and valid concern https://twitter.com/technologyatty/status/1311162739570610177?s=19
Additionally let me demonstrate the condition of their website in this thread:

Figure 1
Figure 2
Figure 3
They also appear to process usernames and password requests in a concerning way

This locked up their login system for several minutes vs any other username password combination
Dear @ExamSoft

It is my professional opinion, as a recognized individual in cybersecurity, that you please reevaluate your website, application, and communication processes for the sake of security. Your users have genuine concerns.

Please address & fix them.
Also @ExamSoft

If you need help in establishing security or advice on setting up a bug bounty program to help identify issues like these in a safe and less public manner, let me introduce you to my good friend @Bugcrowd.
You can follow @Laughing_Mantis.