Security Test Report


This report contains all the security bugs that were identified in various MOSIP modules. This is a combination of both web application and API related security testing scenarios.


This report is prepared based on the security testing performed on the 1.2.0 version of MOSIP.

Setup detail

For testing the modules we have used state of the art security testing tools such as Burpsuite Professional, owasp ZED attack proxy, wireguard and other Linux tools.

Web application details

In MOSIP we have three modules that have web-based UI interfaces. These modules are Preregistration, Administration and Partner-management-Portal. All three have been tested thoroughly.

API Details

All other modules in MOSIP do not have any web-based interface and these modules communicate with each other using APIs. The details of the APIs in MOSIP 1.2.0 are available here.

Summary of the findings by severity

Web Security Vulnerability Snapshot

Detailed Findings

Scenario 1

Scenario 2

Scenario 3

Scenario 4

Scenario 5

Scenario 6

Scenario 7

Scenario 8

Scenario 9

Scenario 10

Scenario 11

Scenario 12

Scenario 13

Scenario 14

Scenario 15

Scenario 16

Scenario 17

Scenario 18

Scenario 19

Scenario 20

Scenario 21

Scenario 22

Scenario 23

Scenario 24

Scenario 25

Scenario 26

Scenario 27

Last updated

Copyright Β© 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.