Problem Statement

Approach

Projects

• Page:
  Project: Security 2022 — Penetration Testing and Source Code Review for the openIMIS web application
• Page:
  Project: Security 2021 — SecurityONE is the chosen partner to perform penetration testing of openIMIS web application. The objective of these security tests is to identify potential areas of concern associated to the openIMIS web application in its actual state and to determine how a motivated attacker can breach the system.

Results

• Background: Open Web Application Security Project (OWASP)

• Security Testing

Related links

Incubator pages

• Page:
  Idea: Two-factor authentication — System shall require 2 factor authentication to verify changes in contact details table (email or phone number):

  • System shall send notification to user upon validation of user data change

  • System shall allow user to validate and approve user detail updates

Literature

• SocialProtection.org security report

Security labelled pages in the wiki

• Page:
  2018-06 Code Review (openIMIS)

  • testing
  • theme-security
  • testing-security
• Page:
  2018-11 Code Review (openIMIS)

  • testing
  • theme-security
  • testing-security
• Page:
  2021-12 Penetration Test (openIMIS)

  • testing
  • theme-security
  • testing-security
• Page:
  2022-08 Code Review (openIMIS)

  • testing
  • theme-security
• Page:
  2022-09 Penetration Test (openIMIS)

  • testing
  • testing-security
  • theme-security
• Page:
  2022-10 UNDP Security Review (openIMIS)

  • testing
  • theme-security
  • testing-security
• Page:
  2023-09-03 Digital Square Security Review (openIMIS)

  • testing
  • theme-security
  • testing-security
• Page:
  2023-10 - Comprehensive Security Assessment of the openIMIS Web Application through Penetration Testing (openIMIS)

  • theme-security
  • testing-security
  • testing
• Page:
  2023-10 OWASP Compliance Report (openIMIS)

  • testing
  • theme-security
  • testing-security
• Page:
  Backend security - Administrators highlights (openIMIS)

  • target
  • security
  • backend
  • architecture
  • administrators
• Page:
  Backend security - Developers guidelines (openIMIS)

  • developers
  • security
  • target
  • architecture
• Page:
  Backend security - Implementers highlights (openIMIS)

  • architecture
  • backend
  • target
  • implementers
  • security
  • modular
• Page:
  Backend security - Models and Concepts (openIMIS)

  • security
  • architecture
  • backend
  • target
• Page:
  Background: Open Web Application Security Project (OWASP) (openIMIS)

  • theme-security
• Page:
  Code Quality Initiative (openIMIS)

  • security