Penetration testing report
Description
This document describes the vulnerabilities tested for and found in the Mermaid Diagrams for Confluence cloud Add-on. Vulnerabilities are rated by their risk level.
Vulnerability ratings are: Critical, High, Medium, Low.
Test category | Risk | Vulnerabilities | Conclusion |
---|---|---|---|
Cross Site Scripting | Low | 0 | XSS attempted at fields “filename”, “width” and “markup” in macro editor dialog. |
SQL Injection | Low | 0 | Not applicable since no database is used. |
The table below shows the results for the response headers tested with the Security Headers online tool.
Backend | Rating | Note |
---|---|---|
https://mermaid.stratus-addons.com | | May not achieve A+ rating due to the nature of the app which conflicts with X-Frame-Options header |
Testing frequency
Penetration testing is conducted quarterly.
Bug bounty
This add-on is part of the Bug Bounty program which enables security researchers to disclose security vulnerabilities to the vendor.