Security Researcher Guide

This guide will help you get started with security research on Passbolt. Whether you are a seasoned security professional or just starting out, it gives you the information you need to contribute effectively.

Getting Started

  1. Review our Security Policy
  2. Learn how to Report a Vulnerability
  3. Familiarize yourself with our codebase and architecture

What to Look For

When testing Passbolt, focus on these key areas:

  • Authentication mechanisms
  • Data encryption and key management
  • API security
  • Browser extension security
  • Common web vulnerabilities (XSS, CSRF, etc.)
  • Configuration security
  • Access control mechanisms

Best Practices

  1. Always follow responsible disclosure guidelines
  2. Document your findings thoroughly
  3. Include steps to reproduce
  4. Test in a safe environment
  5. Respect user privacy and data
  6. Test only on your own installation, not on the public website
  7. Keep vulnerabilities confidential until they are fixed

Resources