Security Policy

As a core infrastructure component of our customers, the security of Camunda Platform (also referred to as the ‘software’) takes top priority and is maintained constantly.

For information on our Camunda Security Policy, see camunda.com/security.

Penetration Testing

Camunda has contracted an independent, external security advisor to regularly conduct penetration tests of the software. The advisor operates according to industry best practices recommended by the OWASP organization such as the OWASP Testing Guide. The tools used for testing include Burp Suite and DefenseCode Thunderscan

Any vulnerabilities detected are handled according to our process for security issue management.

Test history:

Date Test Focus Result Summary

December 2021

Camunda Automation Platform Version: 7.16.0-ee Camunda Optimize Version 3.6.0

Whitebox test with focus on (but not limited to) the Camunda Automation Platform web applications and REST API plus Camunda Optimize.

No critical vulnerabilities were detected.

Two lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Two issues have been partially fixed, work in progress.

December 2021

Cawemo

Whitebox test with focus on (but not limited to) the Cawemo application and the underlying infrastructure.

No critical vulnerabilities were detected.

Seven lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Seven issues have been partially fixed, work in progress.

June 2021

Cawemo

Whitebox test with focus on (but not limited to) the Cawemo application and the underlying infrastructure.

No critical vulnerabilities were detected.

Five lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Five issues have been partially fixed, work in progress.

March 2021

Camunda Platform Version: 7.14.5-ee Camunda Optimize Version 3.3.0

Whitebox test with focus on (but not limited to) Camunda Platform web applications and REST API.

No critical vulnerabilities were detected.

Three lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Three issues have been partially fixed, work in progress.

January 2020

Camunda Platform Version: 7.12.1-ee Camunda Optimize Version 2.7.0

Whitebox test with focus on (but not limited to) Camunda Platform web applications and REST API.

No critical vulnerabilities were detected.

Seven lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Two issues have been fixed.

Five issues have been partially fixed, work in progress.

January 2019

Camunda Platform version: 7.10.1

Whitebox test with focus on (but not limited to) Camunda Platform web applications and REST API.

No critical vulnerabilities were detected.

Five lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Two issues have been fixed.

Three issues have been partially fixed.

On this Page: