Hi all,
I have the following setup:
Upon doing penetration testing, I found out that except for Crowd, the rest (JIRA, Confluence, Stash) are vulnerable to Cross-Site Request Forgery attacks. It was recommended to me (by the pen test) that a unique token that guarantees freshness of submitted data must be added to all web application elements that can affect business logic.
I saw this document about CSRF protection with Atlassian products. I don't know where (and how) to start on implementing this with my setup above.
However, I am avoiding upgrading any of JIRA, Confluence and Stash.