Penetration testing report

Description

This document describes the vulnerabilities tested for, and found, in the Mermaid Diagrams for Confluence Cloud add-on. Each vulnerability is rated by its risk level.

Vulnerability ratings are: Critical, High, Medium, Low.

Test category          Risk   Vulnerabilities   Conclusion
Cross Site Scripting   Low    0                 XSS was attempted in the “filename”, “width” and “markup” fields of the macro editor dialog.
SQL Injection          Low    0                 Not applicable, since no database is used.

The table below shows the results of the response-header test performed with the Security Headers online tool.

Backend                              Rating   Note
https://mermaid.stratus-addons.com   A        May not achieve an A+ rating because the nature of the app conflicts with the X-Frame-Options header.
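The X-Frame-Options conflict noted above is the usual trade-off for an app whose pages are rendered inside an iframe of a host page: X-Frame-Options can only say DENY or SAMEORIGIN, so either value would stop the host from embedding the app, while the CSP frame-ancestors directive can name the host origin explicitly. The following added example (not the add-on's own code, and not the Security Headers tool's grading rules) audits a constructed set of response headers offline, reports whether a given host origin could still frame the app, and flags the headers such scanners commonly expect. The host origin, the header sets and the list of expected headers are assumptions made for illustration.

```python
"""Offline audit of HTTP response headers for an app that is rendered inside an
iframe of a host page (assumed here to be how the host embeds the add-on).
Added example, not the add-on's own code; all header sets are constructed."""

from __future__ import annotations

# Origin of the host page that is allowed to frame the app. Placeholder value,
# not taken from the report.
HOST_ORIGIN = "https://*.atlassian.net"

# Headers that security-header scanners commonly expect to be present
# (assumption about typical scoring, not the tool's published rule set).
EXPECTED_HEADERS = (
    "strict-transport-security",
    "x-content-type-options",
    "referrer-policy",
    "permissions-policy",
)


def _normalize(headers: dict[str, str]) -> dict[str, str]:
    """Header names are case-insensitive; compare them in lower case."""
    return {k.strip().lower(): v.strip() for k, v in headers.items()}


def frame_ancestors(csp: str) -> list[str] | None:
    """Return the source list of the CSP frame-ancestors directive, or None
    when the policy has no such directive."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:] or ["'none'"]  # an empty source list matches nothing
    return None


def embeddable_by_host(headers: dict[str, str], host: str = HOST_ORIGIN) -> bool:
    """True if a browser would let `host` render the app in an iframe.
    CSP frame-ancestors, when present, takes precedence over X-Frame-Options."""
    h = _normalize(headers)
    ancestors = frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        return "*" in ancestors or host in ancestors
    xfo = h.get("x-frame-options", "").upper()
    # DENY and SAMEORIGIN both block a cross-origin host; any other value is
    # ignored by modern browsers and therefore does not block framing.
    return xfo not in ("DENY", "SAMEORIGIN")


def audit_headers(headers: dict[str, str], host: str = HOST_ORIGIN) -> list[tuple[str, str]]:
    """Return (severity, message) findings for one response header set."""
    h = _normalize(headers)
    findings: list[tuple[str, str]] = []
    xfo = h.get("x-frame-options")
    ancestors = frame_ancestors(h.get("content-security-policy", ""))

    if ancestors is None:
        if xfo is None:
            findings.append(("medium", "no frame-ancestors and no X-Frame-Options: "
                                       "any site may frame the app (clickjacking)"))
        elif xfo.upper() in ("DENY", "SAMEORIGIN"):
            findings.append(("high", f"X-Frame-Options: {xfo} prevents {host} from "
                                     "embedding the app; use CSP frame-ancestors instead"))
        else:
            findings.append(("medium", f"X-Frame-Options: {xfo} is not understood by "
                                       "modern browsers and gives no protection"))
    else:
        if "*" in ancestors:
            findings.append(("medium", "frame-ancestors * allows any site to frame the app"))
        elif host not in ancestors:
            findings.append(("high", f"frame-ancestors {' '.join(ancestors)} does not allow {host}"))
        if xfo is not None:
            findings.append(("info", "X-Frame-Options is redundant: browsers that "
                                     "support frame-ancestors ignore it"))

    for name in EXPECTED_HEADERS:
        if name not in h:
            findings.append(("low", f"missing {name}"))
    return findings


# Constructed header sets for the three situations discussed above.
BASE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=()",
}
# Scores well with a scanner, but the host can no longer embed the app.
HARDENED_BUT_UNEMBEDDABLE = {**BASE, "X-Frame-Options": "DENY"}
# Names the host origin explicitly, so embedding works and framing is limited.
RECOMMENDED = {**BASE, "Content-Security-Policy": f"default-src 'self'; frame-ancestors {HOST_ORIGIN}"}
# No protective headers at all.
UNPROTECTED: dict[str, str] = {}

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED_BUT_UNEMBEDDABLE),
                        ("recommended", RECOMMENDED), ("unprotected", UNPROTECTED)):
        print(label, "embeddable:", embeddable_by_host(hdrs))
        for severity, message in audit_headers(hdrs):
            print("  ", severity, message)
```

The check mirrors the report's note: a DENY header earns scanner credit but breaks the embedded app, whereas a frame-ancestors list that names only the host origin keeps the app usable while still limiting who may frame it.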

Testing frequency

Penetration testing is conducted quarterly.

Bug bounty

This add-on is part of the Bug Bounty program, which enables security researchers to disclose security vulnerabilities to the vendor.