OpenMRS Security Assessment Wiki Assessment Template D

From Foss2Serve
Revision as of 11:02, 28 January 2017 by Clif.kussmaul (Talk | contribs)

As of ..., your project WIKI page should include the content described below. You should earn at least 30 points during this phase.


Identify the Assessment Area Here


The instructor will be compiling all of the submissions for this assignment into a report that will be made publicly available. If you wish public recognition for your contribution, list the way you would like to be identified here. You are encouraged to include your OpenMRS ID (

Executive Summary

When you finish this assignment, write a brief summary of the most important parts of this document. Imagine that a person with authority to make sweeping changes to OpenMRS is reading this executive summary. You have one sentence to get her attention and two minutes to tell her what she needs to do, why it is important and how you know. (2 points per useful paragraph, maximum 8 points)


This section was described in a previous template.


This section was described in a previous template.


This section was described in a previous template.

Design Principles

This section was described in a previous template.

Summary of Findings

Summarize the risks that were not adequately controlled and the design principles that were violated. (2 points per useful paragraph.)


Make at actionable recommendations that will address significant issues from your findings. Actionable means that there are specific steps that can be taken to implement the recommendation. For each one, make a section like the following. (2 points per useful paragraph, figure or code fragment.)

Name of Recommendation

Describe the threat that is being addressed. Make the specific recommendation. Provide details that are needed to implement this recommendation. State how to tell if the recommendation was implemented correctly. (For example, if you recommend a technique that eliminates SQL injection attacks, explain how to test if the SQL injection attack you identified is still present.)


Write a one or two paragraph conclusion. (2 points per useful paragraph)

This work by Steven P. Crain ( is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

