Reporta was designed to empower journalists working in potentially dangerous conditions to quickly implement their security protocols with the touch of a button.
This report documents the findings of the penetration test and source code audit of the Reporta applications and their PHP backend. The assessment of the state of security at Reporta was carried out by five members of the Cure53 team over the course of fifteen days in September and October of 2016. The assignment yielded a total of 32 security issues and included numerous findings critically affecting the Reporta suite.
The full audit and summary of findings can be found below.