PopMedNet Security Audit

Security Audit

Overview

In June 2015, a third-party auditor, Pivot Point Security, conducted a static code review of the PopMedNet v5 application as part of the PopMedNet software assurance process. The purpose of the review was to provide assurance that the source code follows secure coding practices.

Pivot Point Security specializes in Application Security Code Reviews and was provided with a complete source tree of the application. Pivot Point Security performed a security review based on this source and provided a security report. Their code review methodology follows the testing approach recommended by the OWASP Application Security Verification Standard (ASVS). Findings are mapped to both the OWASP Top 10 and the Common Weakness Enumeration (CWE) project.


Findings

Pivot Point Security determined that the application is largely secured in a manner consistent with secure coding practices and on par with similar applications that they have tested. 

No critical vulnerabilities were detected during testing.

Two areas where security could be improved were identified. Improvements to these areas will be included in the PopMedNet software development lifecycle process.