{ "feedback": "", "application_name": "Balsamiq Wireframes for Confluence and Jira Cloud", "application_description": "Atlassian Confluence or Jira Cloud Add-Ons for creating and collaborating on low-fidelity wireframes.", "application_vm_securitycontact_yes": "checked", "application_vm_securitycontact_no": "", "application_ssl_exclusively": "checked", "application_ssl_mixed": "", "application_ssl_none": "", "application_ssl_configuration_ciphers_yes": "checked", "application_ssl_configuration_ciphers_no": "", "application_ssl_configuration_pfs_yes": "checked", "application_ssl_configuration_pfs_no": "", "application_ssl_configuration_keys_yes": "checked", "application_ssl_configuration_keys_no": "", "application_ssl_configuration_termination_app": "", "application_ssl_configuration_termination_loadbalancer": "checked", "application_ssl_configuration_termination_other": "", "application_ssl_configuration_lb_traffic_encrypted": "", "application_ssl_configuration_lb_traffic_unencrypted_own_network": "checked", "application_ssl_configuration_lb_traffic_unencrypted_other_network": "", "application_ssl_configuration_lb_traffic_other": "", "application_ssl_mixedcontent_yes": "checked", "application_ssl_mixedcontent_no": "", "tip_application_ssl_hsts_yes": "checked", "tip_application_ssl_hsts_no": "", "application_ssl_cookies_secure_yes": "checked", "application_ssl_cookies_secure_no": "", "warn_application_ssl_cookies_secure": "", "application_webvuln_db": "checked", "application_webvuln_upload": "checked", "application_xss_templating": "checked", "application_xss_chokepoint": "checked", "application_xss_content_type_yes": "checked", "application_xss_content_type_no": "", "application_xss_fileupload_yes": "checked", "application_xss_fileupload_no": "", "warn_application_xss_fileupload": "Users can only upload projects (BMPR format) and images and PDFs inside those projects. 
The data is validated on the server and processed, before being stored in the database.", "application_xss_dombased_yes": "checked", "application_xss_dombased_no": "", "application_sqli_prepared": "checked", "application_sqli_prepared_consistent_yes": "checked", "application_sqli_prepared_consistent_no": "", "application_upload_storage_fs": "", "application_upload_storage_db": "checked", "application_upload_storage_other": "", "application_upload_storage_types": "BMPR, JPEG, GIF, PDF, PNG, ZIP", "application_upload_type_extension": "checked", "application_upload_type_contenttype": "checked", "application_upload_type_reencoding": "checked", "warn_application_upload_reencoding": "We're only decoding/reencoding the BMPR files, which are compressed SQLite archives. After successfully reading the contents of the archive, we store those contents in a MySQL database. So, basically, it's moving (and validating) data from one relational database to another.", "application_testing_unit_yes": "checked", "application_testing_unit_no": "", "application_testing_unit_coverage_large": "", "application_testing_unit_coverage_med": "", "application_testing_unit_coverage_small": "checked", "warn_application_testing_unit_coverage": "We plan on adding unit tests to our collaboration server (used by these products and others) soon.", "application_testing_qa_security_yes": "checked", "application_testing_qa_security_no": "", "warn_application_monitoring_robust": "checked", "warn_application_monitoring_weak": "", "warn_application_monitoring_none": "", "application_other": "This questionnaire was hard to fill out because of the nature of the apps. They are web apps, but they only run inside the sandboxed context of Atlassian Connect. 
Please refer to the Atlassian Security documentation for more detailed answers.\n\nOur apps are part of the Atlassian Top Vendor Program: https://developer.atlassian.com/platform/marketplace/top-vendor-program/\n\nWe realize that we have room for improvement, but we're a small team and are doing our best with our resources. We continue to improve as we grow.", "security_contacts": "security@balsamiq.com" }