Security Test Report
Overview
This report contains all the security bugs that were identified in various MOSIP modules. It covers both web application and API-related security testing scenarios.
Timeline
This report is based on the security testing performed on version 1.2.0 of MOSIP.
Setup detail
To test the modules, we used state-of-the-art security testing tools such as Burp Suite Professional, OWASP Zed Attack Proxy, WireGuard and other Linux tools.
Web application details
In MOSIP, three modules have web-based user interfaces: Preregistration, Administration and Partner-management-Portal. All three have been tested thoroughly.
API Details
The other modules in MOSIP have no web-based interface and communicate with each other using APIs. The details of the APIs in MOSIP 1.2.0 are available here.
Summary of the findings by severity
Web Security Vulnerability Snapshot
Detailed Findings
Scenario 1
Scenario 2
Scenario 3
Scenario 4
Scenario 5
Scenario 6
Scenario 7
Scenario 8
Scenario 9
Scenario 10
Scenario 11
Scenario 12
Scenario 13
Scenario 14
Scenario 15
Scenario 16
Scenario 17
Scenario 18
Scenario 19
Scenario 20
Scenario 21
Scenario 22
Scenario 23
Scenario 24
Scenario 25
Scenario 26
Scenario 27