dhis2-devs team mailing list archive

Re: Application Security testing for DHIS 2

 

Hi dhis devs,

We are looking for testing the application in areas which focus on "CIA
triad" (Confidentiality, Integrity, Availability) of DHIS users and
resources. Just wanted to check from DHIS devs if any kind of methodologies
are already in place for testing the code for below vulnerabilities.
1) Cross-site scripting attacks
2) Broken authentication attacks
3) Injection flaws
4) Malicious code

Thanks
Aamer.


On Fri, Jul 29, 2016 at 5:37 PM, Aamer Mohammed <aamerm@xxxxxxxxxxxxxxxx>
wrote:

> Hi Team,
>
> We are now beginning to look at application security of DHIS 2. We want to
> understand if there is already any security testing in place for DHIS and
> any guidelines around it. This will be helpful in security testing the
> features which we have already contributed and the ones which we are
> planning to.
> It would be helpful if you get us started around this.
>
> Thanks
> Aamer.
>
>
