openIMIS Penetration Testing

Penetration testing, often referred to as pen testing or ethical hacking, is a security practice aimed at finding and fixing vulnerabilities in an information system. It simulates the attacks a real adversary would attempt, under controlled conditions and with the owner's authorization, against a system, application, or network. The primary goal is to discover security weaknesses before malicious attackers can exploit them, thereby preventing unauthorized access and data breaches.

Penetration testing: openIMIS

For organizations deploying systems like openIMIS, penetration testing is essential. It helps ensure that sensitive health insurance data remains protected against threats, thereby supporting the integrity and confidentiality of the information. By regularly conducting penetration tests, organizations can better understand their security posture, improve their defenses, and maintain trust with stakeholders and users by demonstrating a commitment to data security. This proactive approach to security helps safeguard the system against emerging threats and aligns with best practices in IT security.

Following these premises, we conducted thorough pen testing on openIMIS, aiming to identify the system's vulnerabilities and improve its security posture.

In this article you will learn what our strategy was going into this engagement, what steps we took to get the most exhaustive results, what tools we used, and how we organized the reporting of results.

Information gathering

Before launching penetration tests on openIMIS, comprehensive information gathering was essential. This foundational step involves collecting exhaustive details about the system and its underlying technologies, which in turn makes the later testing tools more effective. To achieve this, we combined passive reconnaissance, active scanning, and manual investigation.

  1. Subdomain Discovery: Using Sublist3r, we identified multiple subdomains associated with the openIMIS system. Each subdomain represents a potential entry point, and understanding their scope and vulnerabilities is crucial.
  2. Code Repository Scans: Tools like GitLeaks and TruffleHog were deployed to scrutinize code repositories for sensitive data that might have been inadvertently exposed.
  3. Server Fingerprinting: WhatWeb, an open-source tool, was employed to fingerprint the web server, providing basic but essential information about the server software and its configuration.
  4. Technology Profiling: Wappalyzer and BuiltWith were instrumental in detailing the technologies used in openIMIS. Wappalyzer, as a browser extension, and BuiltWith, as a web-based service, both offered insights into JavaScript frameworks, libraries, content delivery networks, and more.
  5. Network Analysis: Netcat proved extremely valuable for its versatility in network interactions, allowing us to talk directly to the services exposed by the openIMIS infrastructure. Additionally, we utilized nmap for its robust port scanning capabilities, which gave us open ports, service and version identification, and, through its scripts, a first indication of known weaknesses in those services.
  6. Source Code Review: Given that openIMIS is an open-source application, our white-box testing approach included thorough examinations of the source code for developer comments and potential security oversights.

This proactive and detailed information gathering phase not only set the stage for targeted and effective penetration testing but also ensured a comprehensive understanding of the system’s architecture and potential security gaps.
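As an added illustration of what the code-repository scan in step 2 actually looks for, the script below is example code written for this article; it is not the source of GitLeaks or TruffleHog and not part of openIMIS. It combines the two approaches those tools rely on: fixed regexes for known credential formats, and a Shannon-entropy heuristic for long, random-looking strings. The configuration it scans is constructed for the example (the AWS key in it is the placeholder value from AWS's own documentation), and the regexes are simplified versions of the kind of rules such tools ship.

```python
"""Minimal secret scanner: regex rules plus a Shannon-entropy heuristic.

Added example for this article; a simplified stand-in for what GitLeaks and
TruffleHog do, not their code. The input below is constructed, not openIMIS source.
"""
import math
import re
from collections import Counter
from typing import List, Tuple

# Regex rules in the style of GitLeaks' rule set (these are this example's own
# simplified patterns, not the tool's shipped rules).
REGEX_RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    # key = "value" style assignments; group 1 captures the secret itself
    "generic_secret_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"\s]{6,})['\"]"
    ),
}

# Entropy heuristic in the style of TruffleHog's original check: a long run of
# base64-alphabet characters that is close to random is probably a key.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=]{20,}")
ENTROPY_THRESHOLD = 4.5  # bits per character; 6.0 is the maximum for base64


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, rule_name, matched_value) for every hit in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in REGEX_RULES.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                findings.append((line_no, rule, value))
        for m in TOKEN_RE.finditer(line):
            token = m.group(0)
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append((line_no, "high_entropy_string", token))
    return findings


# Constructed sample file; the AWS key is AWS's documented placeholder value.
SAMPLE_CONFIG = """\
# constructed sample config, not real openIMIS source
DB_HOST = "localhost"
DB_PASSWORD = "Sup3rS3cret!"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SESSION_TIMEOUT = 3600
# TODO: remove before release
JWT_SIGNING_KEY = "kQ9vL2xR8tN4mZ7pB1cW6yH3jF5gA0dS"
LOG_LEVEL = "INFO"
# ssh key pasted by mistake:
-----BEGIN OPENSSH PRIVATE KEY-----
"""

if __name__ == "__main__":
    for line_no, rule, value in scan_text(SAMPLE_CONFIG):
        print(f"line {line_no}: {rule}: {value[:12]}...")
```

Running it prints one line per hit. The entropy rule catches the signing key that no regex knows about, while the regex rules catch the low-entropy password and the key header that the entropy rule would miss. Real scanners add allowlists and walk the full commit history on top of this, and the raw output still needs manual review before anything is reported.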

Security testing strategy

In our pursuit of robust security for openIMIS, we strategically chose a development server for our testing activities to prevent any service disruptions to actual users. This choice underpins our commitment to responsible testing practices.

Leveraging existing security frameworks

The openIMIS environment already has static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) in place, which gave us a rich foundation of existing reports and analyses. Using these resources, we identified candidate issues and fed them into our penetration testing efforts.

Combining automated and manual testing

Our methodology incorporated a mix of automated tools and manual testing to ensure a comprehensive examination of the application’s security. As part of our white box testing approach, we had access to test users, documentation, and the source code. This level of access, typical of open-source projects, allowed us to pinpoint vulnerabilities within the codebase with high precision. 

The openness of openIMIS means that attackers have the same access to its source code and documentation that we did, which makes a thorough testing regime all the more necessary. By ethically using this insight into the system, we aim to identify and mitigate vulnerabilities before they can be exploited maliciously.

Formulating targeted attack vectors

With a combination of automated test results and our in-depth knowledge of openIMIS, gained from both the existing security tooling and our initial information gathering, we crafted specific attack vectors tailored to the system. This process began with automated tests to scout for vulnerabilities, followed by manual testing to dig deeper into the detected issues. Our goal was to uncover as many vulnerabilities as possible within the predefined scope, then catalog the findings so they could be prioritized and addressed effectively. By simulating actual exploits, we could assess the potential impact and severity of each vulnerability and so inform a targeted, prioritized remediation strategy.

This strategic blend of technology and expertise was crucial in fortifying the security of openIMIS. Being committed to safeguarding this critical healthcare management tool against both current and future threats, we utilized a variety of skills to ensure it is protected.

Pen testing tools

In the rigorous security assessment of openIMIS, we deployed a suite of sophisticated tools and techniques that were integral to our testing methodology. Each tool was chosen for its specific capabilities, which allowed us to execute a range of attacks, scan and modify requests, decode data, and intercept communications effectively.

Network and application analysis tools

Our toolkit included OWASP ZAP and Burp Suite, which we used as intercepting proxies to scan and modify requests and to detect vulnerabilities. Additionally, Kali Linux, a widely used security-focused distribution, provided a platform equipped with the other tools needed for penetration testing. One such tool is Ettercap, used primarily for man-in-the-middle attacks on the test network, which let us check whether traffic to and from openIMIS could be intercepted or altered in transit.

Comprehensive OWASP testing

Following the OWASP testing guidelines kept our approach aligned with established industry practice. OWASP ZAP and the other tools were applied across numerous testing categories, such as authentication, session management, and API testing. This both broadened our testing scope and deepened the rigor of the security evaluation.

Strategic tool integration

Our approach involved using these tools in tandem to simulate a variety of attack scenarios. For instance, by combining the data intercepting capabilities of Ettercap with the analysis power of Wireshark, we could more accurately assess how data flows through the network and pinpoint weak spots in data handling and transmission. Each vulnerability detected was thoroughly tested using a mix of tools to exploit it fully, enabling us to ascertain the most precise severity rating. This comprehensive exploitation helped us gauge the actual risk posed by each vulnerability, ensuring that our remediation efforts were accurately prioritized according to the real-world threat they represented.

Through strategic utilization of these tools, our security testing went beyond mere detection, providing a detailed and actionable insight into how vulnerabilities could be exploited, thus enabling more effective defenses against potential security breaches in openIMIS.

Reporting

Our process for reporting and managing the results of the openIMIS security testing was carefully designed to maintain the confidentiality of sensitive information while providing clear and actionable insights to stakeholders. This methodical approach was essential for both documenting the findings accurately and facilitating the prioritization and resolution of security issues.

Secure documentation and communication

The results from our testing were compiled into a comprehensive report, handled under strict confidentiality since it describes exploitable weaknesses. Each identified vulnerability was scored with the CVSS (Common Vulnerability Scoring System), which provides a standardized way to rate severity from how exploitable the issue is and what impact a successful exploit would have.

Detailed vulnerability disclosure

Our report included detailed descriptions of each vulnerability, accompanied by proof of concept, an analysis of how the vulnerability could affect the application, its severity, and our recommendations for remediation. This structured format helped stakeholders understand the practical implications of each finding and the urgency of the required responses.

Areas of concern

The vulnerabilities we identified spanned several aspects of the system. By pinpointing these areas, our report not only highlighted where the application was most at risk but also guided the development team on where to focus their immediate efforts.

Prioritization of remediation efforts

By leveraging the CVSS scores and our detailed analyses, we were able to prioritize the vulnerabilities based on their potential impact. This prioritization enabled the openIMIS team to allocate resources efficiently, addressing the most severe vulnerabilities first to mitigate the risk to the system and its users effectively.

Through this carefully designed reporting and results management process, we ensured that all findings were communicated securely and effectively, empowering openIMIS to enhance its defenses against a variety of security threats.

Summary

In conclusion, our comprehensive security testing of the openIMIS system culminated in the creation of a detailed 60-page report. This document, containing all our findings and recommendations, was shared with the stakeholders. We conducted thorough discussions with them to outline a remediation plan tailored to address each identified vulnerability effectively. These collaborative sessions were crucial for aligning our security enhancement strategies and ensuring that every vulnerability was understood and addressed according to its severity and potential impact on the system.
