← Back to team overview

dhis2-devs team mailing list archive

Re: Application Security testing for DHIS 2


Hi dhis devs,

We are looking for testing the application in areas which focus on "CIA
triad" (Confidentiality, Integrity, Availability) of DHIS users and
resources. Just wanted to check from DHIS devs if any kind of methodologies
are already inplace for testing the code for below vulnerabilities.
1) Cross-site scripting attacks
2) Broken authentication attacks
3) Injection flaws
4) malicious code


On Fri, Jul 29, 2016 at 5:37 PM, Aamer Mohammed <aamerm@xxxxxxxxxxxxxxxx>

> Hi Team,
> We are now beginning to look at application security of DHIS 2. We want to
> understand if there is already any security testing in place for DHIS and
> any guidelines around it. This will be helpful in security testing the
> features which we have already contributed and the ones which we are
> planning to.
> It would be helpful if you get us started around this.
> Thanks
> Aamer.

Follow ups