/
Penetration testing report

Penetration testing report

Description

This document describes vulnerabilities tested for and found in PlantUML Diagrams for Confluence cloud Add-on which includes the frontend and the backend. Vulnerabilities are rated by their risk levels.

Vulnerability ratings are : Critical, High, Medium, Low.

Test category

Risk

Vulnerabilities

Conclusion

Test category

Risk

Vulnerabilities

Conclusion

Cross Site Scripting

Low

0

XSS attempted at fields “filename“, “width“ and “markup” in macro editor dialog.

SQL Injection

Low

0

Not applicable since no database is used.

Below table shows results of response headers tested by Security Headers online tool.

Backend

Rating

Note

Backend

Rating

Note

https://exp.stratus-addons.com

A

Set permission policy to achieve A+ rating

https://puml4cc.stratus-addons.com

A

May not achieve A+ rating due to the nature of the app which conflicts with X-Frame-Options header

Testing frequency

Penetration testing is conducted quarterly.

Related pages