Human rights work can be very sensitive and those working on the collection and documentation of human rights information need a safe and secure digital environment to do so. For us it is paramount to safeguard the integrity of our partners’ data, and that is why we have requested an in-depth security assessment of Uwazi.
The security audit was performed by Recurity Labs, who specialises in IT-security consulting services. The assessment included general application security testing as well as an investigation to find out if there are instances of information leakage. This was done according to the OWASP list of top 10 and the SANS list of top 25 vulnerabilities and security risks.
The security audit found that Uwazi has a high-level of security. The evaluation, which included manual and automated testing, identified four types of minor vulnerabilities which have since been addressed and patched to prevent exploitation.
This is the second independent audit that has been undertaken of Uwazi, and is part of HURIDOCS’ commitment to share tools we develop as open source, but strengthened by expert review.