Totem security audit call for proposals

Totem is an online learning service focused on digital security training for activists and journalists. Totem aims for optimal security of the platform to protect its users and partners. For that reason, we are looking for a security auditor that can make sure our server has been setup securely, and that no information leaks out of the Open edX platform.

Launched in 2016 by Free Press Unlimited and Greenhost, it currently has more than 30 courses in five languages. Totem uses a MOOC platform called Open edX which is set up as a combination of Docker containers, orchestrated with Tutor. In addition to the platform, Totem has a number of interactive learning elements that can be integrated into courses, and a website that uses the Open edX API.

We are looking for a security expert that can:

The deliverable we expect is a full report that describes weaknesses in the security and explains how we can solve them. We are looking for a security auditor that communicates with the team and likes to share their knowledge so the team can improve their practices.

If you are interested, please send your expression of interest to expression of interest should include a reason why you believe you’re the right partner for us; examples of relevant previous work; and a rough budget (or a list of questions you’d like us to answer before you can provide us with a quote). This is an open call without a deadline.