Human rights work can be very sensitive and those working on the collection and documentation of human rights information need a safe and secure digital environment to do so.
Uwazi is HURIDOCS’ web-based database application designed for human rights defenders to manage collections of information, including documents, evidence, cases and complaints. For us it is paramount to safeguard the integrity of our partners’ data, and that is why we have requested an in-depth security assessment of Uwazi.
The security audit was performed by Recurity Labs, who specialises in IT-security consulting services. The assessment included general application security testing as well as an investigation to find out if there are instances of information leakage. This was done according to the OWASP list of top 10 and the SANS list of top 25 vulnerabilities and security risks.
The security audit found that Uwazi has a high-level of security. The evaluation, which included manual and automated testing, identified four types of minor vulnerabilities which have since been addressed and patched to prevent exploitation.
We are very grateful for the support of Recurity Labs, who have performed the audit pro bono. Thank you.
This is the second independent audit that has been undertaken of Uwazi, and is part of HURIDOCS’ commitment to share tools we develop as open source, but strengthened by expert review.
Do you have a collection of human rights information that needs support? HURIDOCS would love to help. Get in touch!