Penetration testing report
Description
This document describes vulnerabilities tested for and found in PlantUML Diagrams for Confluence cloud Add-on which includes the frontend and the backend. Vulnerabilities are rated by their risk levels.
Vulnerability ratings are : Critical, High, Medium, Low.
Test category | Risk | Vulnerabilities | Conclusion |
|---|---|---|---|
Cross Site Scripting | Low | 0 | XSS attempted at fields “filename“, “width“ and “markup” in macro editor dialog. |
SQL Injection | Low | 0 | Not applicable since no database is used. |
Below table shows results of response headers tested by Security Headers online tool.
Backend | Rating | Note |
|---|---|---|
https://exp.stratus-addons.com | Set permission policy to achieve A+ rating | |
https://puml4cc.stratus-addons.com | May not achieve A+ rating due to the nature of the app which conflicts with X-Frame-Options header |
Testing frequency
Penetration testing is conducted quarterly.