Penetration testing report

Description

This document describes the vulnerabilities tested for and found in the Mermaid Diagrams for Confluence cloud add-on. Vulnerabilities are rated by risk level.

Vulnerability ratings are: Critical, High, Medium, Low.

| Test category | Risk | Vulnerabilities | Conclusion |
|---|---|---|---|
| Cross Site Scripting | Low | 0 | XSS attempted at fields “filename”, “width” and “markup” in macro editor dialog. |
| SQL Injection | Low | 0 | Not applicable since no database is used. |

The table below shows the results for the response headers, as tested with the Security Headers online tool.

| Backend | Rating | Note |
|---|---|---|
| https://mermaid.stratus-addons.com | A | May not achieve A+ rating due to the nature of the app which conflicts with X-Frame-Options header |

Testing frequency

Penetration testing is conducted quarterly.

Bug bounty

This add-on is part of the Bug Bounty program which enables security researchers to disclose security vulnerabilities to the vendor.
