geosolutions-it / UNMISS-GeoStory

Geoportal Security Assessment: Mitigation actions needed #42

Closed EddyCatt closed 1 year ago

EddyCatt commented 2 years ago

UN has completed vulnerability testing activities on Geoportal and they have sent security recommendations, highlighting their severity to help determine urgency and priority of mitigation actions (see attached file). An estimation of effort is needed for the mitigation actions.

OICT-CSS-2022-UNMISS Web Application Security Assessment v1.0.docx

EddyCatt commented 1 year ago

Client has sent the results for the final Web Application Security Assessment, drafted by the UN OICT Cybersecurity section (as attachment). For mitigations on high severity risks, they recommend updating NGINX, Python and JavaScript libraries to the latest versions. After a meeting, UN agrees to ask OICT to remove these requirements, as it would be impossible for us to update each application involved with GeoNode and GeoServer every time a new version is released. For this reason, UN needs from us a document for OICT, containing a list of the currently involved applications and related versions, with some explanations about why it is necessary to use those versions, for example, to keep consistency among related tools, if they are still in their lifetime, etc.

OICT-SMS-SAS-UNMISS South Sudan Web Application Security Assessment v1.0 November 2022 (2).docx