We would like to recognize the following individuals for making significant contributions to SimpleRisk.
SimpleRisk Core
- Dr. Christian de Lamboy - Performed translations for the German version.
- Ben Allen - Static analysis of SimpleRisk.
- Carlos Salazar and Fernando Garcia - Performed translations for the Spanish version.
- Robson Dobzinski Marques Jr. - Helped to get internationalization set up and performed translations for the Portuguese version.
- Karthik Gaekwad - Helped with some of the CSS, especially on the project prioritization page.
- Ryan Dewhurst - Responsible disclosure of an HTML injection vulnerability that allowed us to have a new version released before the CVE was even issued.
- Mo Li & Xilin Wang - Analysis of advanced reporting features for SimpleRisk and contributions to the Dynamic Risk Report.
- Jim Manico - Helping to make the SimpleRisk code bullet-proof from web application vulnerabilities.
- Jeff Holden - Added code in upgrade script to handle "grant all" permissions for database users.
- Matthew Frick - Created instructions for proper setup of SimpleRisk using SELinux.
- N.J. Ouchin - Creation of the vFeed tool, which provides the CVE lookup automation for SimpleRisk.
- Jim Cusick - Provided the Nginx configuration for the SimpleRisk API.
- James Whittlesea - Provided the IIS configuration for the SimpleRisk API.
- Gjoko Krstic - Responsible disclosure of two XSS vulnerabilities.
- Mohamed A. Baset - Responsible disclosure of an XSS vulnerability.
- San Thosh - Responsible disclosure of an XSS vulnerability.
- Samet Sahin - Responsible disclosure of an XSS vulnerability.
- Nick Moore - Code contribution for handling same min and max asset values, handling PHP configuration limits for file uploads, and updates to the Dynamic Risk Report.
- Milo VanDerLinden - Notification of a wrong version number being included in the 20180830-001 database schema. Fix for empty approximate time when creating an audit test. Conversion of various static text to use the language file. Dutch language translations.
SimpleRisk Websites
- Sajibe Kanti - Recommendation to enable Strict Transport Security headers on the SimpleRisk website.
- Steven Hampton - Recommendation to enable X-XSS-Protection headers on the SimpleRisk website.
- Mohammed Israil - Recommendation to set a maxlength value on the Contact Us form on the SimpleRisk website.
- Pethuraj M - Notification of Apache version information being included on the error page on updates.simplerisk.com.
- Lacroute Serge - Responsible disclosure of an XSS vulnerability affecting a couple of web forms.
- Guhan Raja - Responsible disclosure of an XSS vulnerability affecting a web form.
- Karthik K - Notification of Apache version information being sent in headers on demo.simplerisk.com.
- Prathamesh Joshi - Notification of Apache version information being included on a SimpleRisk sub-domain.
- Vipul Dwivedi - Notification of publicly accessible web.config file.
- Vipul Dwivedi, Nikhil Ahire & Shivam Srivastava - Suggestion to add an SPF record for the simplerisk.com domain.
- Kamran Saifullah - Notification of a user enumeration issue and recommendation to lock down the login form on simplerisk.com.
- Md. Nur A Alam Dipu - Notification of an information disclosure vulnerability resulting from a full disk on the simplerisk.com web server.
- Mohammed Israil - Notification of a setting allowing any GitHub user to publish a wiki page under the SimpleRisk GitHub repositories.
- Leo Stals - Notification of domains pointing at IPs that were no longer in use by SimpleRisk.
- Gaurang - Notification of information disclosure from an exposed composer.json file.
- Shreyash Khare - Reported a domain without X-Frame-Options set as well as a Server header information disclosure.