Non-profit organization that works under the mission of arming and articulating the power to reinvent and rebuild politics, every day.
In February, Radically Open Security (ROS) carried out a penetration test for Nossas Cidades to assess the security of the Nossas Cidades applications and to guide Nossas in attempting to find vulnerabilities. The penetration test exploited any vulnerabilities found to try to gain further access and elevated privileges.
Ultimately, ROS found one moderate-severity and one elevated-severity issue. The attack surface of the application is very small, and the application implements some additional security controls, such as request throttling and input validation. This dramatically reduces the opportunity for security issues. While some minor security issues were discovered during the audit, the overall security was strong.
The full penetration test and summary findings can be found below.