author thumb

Hello, my name is Zhewei Hu
Software Engineer@Pinterest
Ph.D.@NC State

OpenMRS Security Evaluation

Open Medical Record System (OpenMRS®) was created in 2004 as a open source medical record system platform for developing countries – a tide which rises all ships. Read more at: About OpenMRS


  1. Performed a security review based upon the OWASP Top 10, the CWE/SANS Top 25, and generated static analysis report.
  2. Documented the findings and providing remediation suggestions to correct and adverse findings.
  3. Drew a threat model using the Microsoft Threat Modeling Tool (MSTMT).
  4. Developed abuse/misuse diagram for one of the system modules.
  5. Detailed misuse case description for one of the attacks in the abuse/misuse case diagram.
  6. Made ten security requirements (either functional or non-functional) for OpenMRS.
  7. Developed an attack tree for one module within OpenMRS.
  8. Evaluated one of the system modules against Jakob Nielson’s Ten Usability Heuristics.