OpenMRS Security Assessment Wiki Assessment Template D

From Foss2Serve
Revision as of 21:23, 18 August 2015 by Scrain (Talk | contribs)

As of 5/8, your project WIKI page should include the content described below. You should earn at least 30 points during this phase.

Identify the Assessment Area Here

Authors

The instructor will be compiling all of the submissions for this assignment into a report that will be made publicly available. If you wish public recognition for your contribution, you should create an OpenMRS ID at https://id.openmrs.org and then include your OpenMRS ID and optionally your name here.

Executive Summary

When you finish this assignment, write a brief summary of the most important parts of this document. Imagine that a person with authority to make sweeping changes to OpenMRS is reading this executive summary. You have one sentence to get her attention and two minutes to tell her what she needs to do, why it is important and how you know. (2 points per useful paragraph, maximum 6 points)

Scope

This section was described in a previous template.

Assets

This section was described in a previous template.

Risks

This section was described in a previous template.

Design Principles

This section was described in a previous template.

Summary of Findings

Summarize the risks that were not adequately controlled and the design principles that were violated. (2 points per useful paragraph.)

Recommendations

Make actionable recommendations that will address significant issues from your findings. Actionable means that there are specific steps that can be taken to implement the recommendation. For each one, make a section like the following. (2 points per useful paragraph, figure or code fragment.)

Name of Recommendation

Describe the threat that is being addressed. Make the specific recommendation. Provide details that are needed to implement this recommendation. State how to tell if the recommendation was implemented correctly. (For example, if you recommend a technique that eliminates SQL injection attacks, explain how to test if the SQL injection attack you identified is still present.)

Conclusion

Write a one or two paragraph conclusion. (2 points per useful paragraph)


This work by Steven P. Crain (...@plattsburgh.edu) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
