elmah.io Security

This page presents the results of the automated penetration test conducted on elmah.io at Thu, 22 Sep 2022 04:19:37 GMT.

It summarizes all of the relevant security-related details and findings of elmah.io's web application and APIs.


Vulnerabilities Found

High: 0
Medium: 1
Low: 4

Vulnerabilities are assessed in accordance with the Common Vulnerability Scoring System.

Coverage

Heyhack found and tested 111 pages in the penetration test. Across all of the found pages, Heyhack conducted a total of 4,593 test cases. See the full list of covered pages below.

The test began at Thu, 22 Sep 2022 00:06:35 GMT and completed at Thu, 22 Sep 2022 04:19:37 GMT.

The entire test lasted 4 hours, 13 minutes, and 1 second.

Title | URL
elmah.io Alternatives - See how elmah.io compares to the rest | https://elmah.io/alternatives/
Contact - Get in contact through our support or email | https://elmah.io/contact/
Customer story of how Abraquest utilize elmah.io | https://elmah.io/customer-stories/abraquest/
Customer story of how The Cogworks utilize elmah.io | https://elmah.io/customer-stories/the-cogworks/
Customer story of how Insurance Data Solutions utilize elmah.io | https://elmah.io/customer-stories/insurance-data-solutions/
Customer story of how Noor utilize elmah.io | https://elmah.io/customer-stories/noor/
Customer story of how Neurotic Media utilize elmah.io | https://elmah.io/customer-stories/neurotic-media/
Customer story of how P&RO Solutions utilize elmah.io | https://elmah.io/customer-stories/pro-solutions/
Customer story of how Deskhero utilize elmah.io | https://elmah.io/customer-stories/deskhero/
Customer story of how Nexwork utilize elmah.io | https://elmah.io/customer-stories/nexwork/
Customer story of how IowaComputerGurus Inc. utilize elmah.io | https://elmah.io/customer-stories/iowacomputergurus/
Customer story of how ZimplerConsulting utilize elmah.io | https://elmah.io/customer-stories/zimplerconsulting/
Customer story of how BPS Designs utilize elmah.io | https://elmah.io/customer-stories/bps-designs/
Customer story of how Property UX utilize elmah.io | https://elmah.io/customer-stories/property-ux/
Customer story of how Cole Consulting utilize elmah.io | https://elmah.io/customer-stories/cole-consulting/
Customer story of how ONEIL utilize elmah.io | https://elmah.io/customer-stories/oneil/
Customer Stories - Read stories from our customers | https://elmah.io/customer-stories/
Heartbeats - .NET scheduled tasks and services monitoring | https://elmah.io/features/heartbeats/
elmah.io - Error logging and Uptime monitoring for .NET | https://elmah.io/#
.NET Microservices - We help you monitor the state of your services | https://elmah.io/microservices/
Notifications - Notifications on Slack, Teams, and text/SMS | https://elmah.io/features/notifications/
Not Found - elmah.io | https://elmah.io/javascript:
For CTOs - Learn the benefits of using elmah.io for your team | https://elmah.io/for-ctos/
Security - We make sure to keep your data private | https://elmah.io/security/
Appsettings.json Transformation Tester - Check your config | https://elmah.io/tools/appsettings-transformation-tester/
Cron Expression Parser and Creator Tool - 100% free and online | https://elmah.io/tools/cron-parser/#*_*_*_*_*
Not Found - elmah.io | https://elmah.io/mailto:/?subject=Web.Config%20Validator%20-%20Free%20checker%20for%20all%20.NET%20versions&body=Validate%20your%20web.config%20for%20invalid%20configuration%20using%20the%20only%20web.config%20validator%20available.%20Did%20we%20forget%20to%20tell%20you%20that%20it%20is%20completely%20free%3F%20Link:%20https%3A%2F%2Felmah.io%2Ftools%2Fconfig-validator%2F
JSON Formatter - Free online JSON formatter and validator | https://elmah.io/tools/json-formatter/
Multiline String Converter - Convert text to verbatim C# strings | https://elmah.io/tools/multiline-string-converter/
Appsettings.json Validator - Free check of syntax and content | https://elmah.io/tools/appsettings-validator/
MD5 Encoder - Online MD5 Hashing Tool | https://elmah.io/tools/md5-encoder/
Free online XML formatter and validator | https://elmah.io/tools/xml-formatter/
W3C Extended Log File Format Viewer - Free tool from elmah.io | https://elmah.io/tools/w3c-extended-log-file-format-viewer/
C# GUID Generator - Free online GUID Generator | https://elmah.io/tools/guid-generator/
Base64 Image Encoder - Convert any image file or URL online | https://elmah.io/tools/base64-image-encoder/
C# Formatter - Tabs vs spaces, download file, and more | https://elmah.io/tools/csharp-formatter/
Web.Config Validator - Free checker for all .NET versions | https://elmah.io/tools/config-validator/
Uptime Monitoring - Minimize downtime on .NET websites | https://elmah.io/features/uptime-monitoring/
Web.config Transformation Tester - Online XDT/XML tool | https://elmah.io/tools/webconfig-transformation-tester/
Tools - Free tools for .NET/C# developers by elmah.io | https://elmah.io/tools/
App Store - Extend error management to your need with elmah.io | https://elmah.io/features/appstore/
DevOps - Implement successful .NET DevOps with elmah.io | https://elmah.io/devops/
Azure Error Logging - Error Monitoring of websites & functions | https://elmah.io/azure-error-logging/
Tour - A detailed elmah.io walkthrough using text and video | https://elmah.io/tour/
(no title) | https://elmah.io/humans.txt
About - Everything about elmah.io and the great team behind it | https://elmah.io/about/
Microsoft Teams - Instant notifications on errors with elmah.io | https://elmah.io/features/microsoft-teams/
Umbraco - Integrating Umbraco and elmah.io | https://elmah.io/features/umbraco/
Goodie Bag - Discounts on popular .NET tools like MyGet | https://elmah.io/goodiebag/
NLog - Integrating NLog and elmah.io | https://elmah.io/features/nlog/
GitHub - You no longer need to create bugs in GitHub | https://elmah.io/features/github/
Logary - Integrating Logary and elmah.io | https://elmah.io/features/logary/
Slack - Get notifications in Slack when your website crashes | https://elmah.io/features/slack/
Issue Tracking - Manage bugs directly in the log with elmah.io | https://elmah.io/features/issue-tracking/
Serilog - Integrating Serilog and elmah.io | https://elmah.io/features/serilog/
Xamarin Logging - Crash monitoring of your Xamarin apps | https://elmah.io/features/xamarin-logging/
Notifications - Notifications on Slack, Teams, and text/SMS | https://elmah.io/features/notifications/
Client-side Logging - Getting on top of those JavaScript errors | https://elmah.io/features/clientside-logging/
System.NullReferenceException | https://elmah.io/exceptions/System.NullReferenceException/
log4net - Integrating log4net and elmah.io | https://elmah.io/features/log4net/
Machine Learning - Let elmah.io work for you | https://elmah.io/features/machine-learning/
Features - Error and crash reporting for .NET apps with elmah.io | https://elmah.io/features/
elmah.io Privacy Policy | https://elmah.io/legal/privacy-policy/
Best in class crash management for ASP.NET Core with elmah.io | https://elmah.io/features/asp-net-core/
elmah.io Sub-Processors | https://elmah.io/legal/sub-processors/
elmah.io Cookie Policy | https://elmah.io/legal/cookie-policy/
elmah.io Legal FAQ | https://elmah.io/legal/legal-faq/
elmah.io GDPR Commitment | https://elmah.io/legal/gdpr-commitment/
elmah.io Terms of use | https://elmah.io/legal/terms-of-use/
Azure Error Logging - Error Monitoring of websites & functions | https://elmah.io/azure-error-logging/
System.DivideByZeroException | https://elmah.io/exceptions/System.DivideByZeroException/
System.ArgumentNullException | https://elmah.io/exceptions/System.ArgumentNullException/
System.ArrayTypeMismatchException | https://elmah.io/exceptions/System.ArrayTypeMismatchException/
System.IO.FileNotFoundException | https://elmah.io/exceptions/System.IO.FileNotFoundException/
System.Net.WebException | https://elmah.io/exceptions/System.Net.WebException/
System.ArgumentException | https://elmah.io/exceptions/System.ArgumentException/
System.AggregateException | https://elmah.io/exceptions/System.AggregateException/
System.NotSupportedException | https://elmah.io/exceptions/System.NotSupportedException/
System.IO.IOException | https://elmah.io/exceptions/System.IO.IOException/
System.IO.DirectoryNotFoundException | https://elmah.io/exceptions/System.IO.DirectoryNotFoundException/
System.OutOfMemoryException | https://elmah.io/exceptions/System.OutOfMemoryException/
System.Net.Http.HttpRequestException | https://elmah.io/exceptions/System.Net.Http.HttpRequestException/
System.UnauthorizedAccessException | https://elmah.io/exceptions/System.UnauthorizedAccessException/
System.OverflowException | https://elmah.io/exceptions/System.OverflowException/
System.Net.Sockets.SocketException | https://elmah.io/exceptions/System.Net.Sockets.SocketException/
System.Exception | https://elmah.io/exceptions/System.Exception/
System.TypeInitializationException | https://elmah.io/exceptions/System.TypeInitializationException/
System.TypeLoadException | https://elmah.io/exceptions/System.TypeLoadException/
System.InvalidCastException | https://elmah.io/exceptions/System.InvalidCastException/
System.AccessViolationException | https://elmah.io/exceptions/System.AccessViolationException/
System.StackOverflowException | https://elmah.io/exceptions/System.StackOverflowException/
System.IndexOutOfRangeException | https://elmah.io/exceptions/System.IndexOutOfRangeException/
System.ArithmeticException | https://elmah.io/exceptions/System.ArithmeticException/
System.FormatException | https://elmah.io/exceptions/System.FormatException/
System.ApplicationException | https://elmah.io/exceptions/System.ApplicationException/
Stack Trace Formatter - Pretty print your exception messages | https://elmah.io/tools/stack-trace-formatter/
ASPInsiders - Get a free elmah.io plan as an ASPInsider | https://elmah.io/sponsorship/aspinsiders/
Microsoft MVP - Get a free elmah.io plan as a Microsoft MVP | https://elmah.io/sponsorship/microsoftmvp/
Blogger - Get paid writing great blog posts with elmah.io | https://elmah.io/sponsorship/blogger/
Umbraco MVP - Get a free elmah.io plan as an Umbraco MVP | https://elmah.io/sponsorship/umbracomvp/
Conferences - Sponsorship of conferences with .NET content | https://elmah.io/sponsorship/conferences/
Sponsorship - Free elmah.io licenses for user groups and more | https://elmah.io/sponsorship/
Startups - Get a huge discount as an early stage startup | https://elmah.io/sponsorship/startups/
Open Source - Monitor your open source website for free | https://elmah.io/sponsorship/opensource/
User Groups - We provide sponsorships for user groups | https://elmah.io/sponsorship/usergroup/
Plans and Pricing - Affordable subscriptions for everyone | https://elmah.io/pricing/
Cloud Logging - Learn about our services and best practices | https://elmah.io/cloud-logging/
Deployment Tracking - Release new software with confidence | https://elmah.io/features/deployment-tracking/
elmah.io Refund Policy | https://elmah.io/legal/refund-policy/
API v3 - Integrate elmah.io to fit your needs | https://elmah.io/api/v3/
elmah.io - Error logging and Uptime monitoring for .NET | https://elmah.io/

Data Encryption

elmah.io is protected by Transport Layer Security (TLS). See the supported cipher suites below.

While the data transfer is protected by TLS, Heyhack has detected 4 minor vulnerabilities (low impact) regarding the transport layer:

  • Missing DNSSEC
  • BREACH (potentially)
  • LUCKY13 (potentially)
  • Insecure Ciphers

Refer to the OWASP Web Security Testing Guide for more information on testing with respect to TLS.

Infrastructure Security

The infrastructure serving elmah.io is provided by Cloudflare, Inc. (determined by the IP range of the application's web servers).

Domain Name: elmah.io
Registry Domain ID: 040c54ab5e464662a447d7d201598bd9-DONUTS
Registrar WHOIS Server: http://whois.cloudflare.com
Registrar URL: http://cloudflare.com
Updated Date: 2022-05-24T19:02:25Z
Creation Date: 2013-06-18T10:30:04Z
Registry Expiry Date: 2023-06-18T10:30:04Z
Registrar: Cloudflare, Inc
Registrar IANA ID: 1910
Registrar Abuse Contact Email: 
Registrar Abuse Contact Phone: 
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: DATA REDACTED
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: DK
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: DK
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: elma.ns.cloudflare.com
Name Server: coby.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2022-09-22T04:19:38Z <<<

Source Code Dependencies

Heyhack has scanned the source code dependencies used by elmah.io and has found 35 secure and 0 insecure libraries.

Refer to OWASP's article on vulnerable and outdated components for more information.

Library
https://elmah.io/bundles/homepage.min.js?v=mQpK6tGEliCQFGkHWGcAlNhRKZCgI3UGJrORStUNXeo
https://consent.cookiebot.com/6c644bae-8146-49b2-a6b4-b0d24211957d/cc.js?renew=false&referer=elmah.io&dnt=false&init=false
https://consent.cookiebot.com/uc.js
https://elmah.io/serviceworker.js
https://www.google-analytics.com/analytics.js
https://consentcdn.cookiebot.com/consentconfig/6c644bae-8146-49b2-a6b4-b0d24211957d/elmah.io/configuration.js
https://www.googletagmanager.com/gtm.js?id=GTM-WKDV74
https://consentcdn.cookiebot.com/consentconfig/6c644bae-8146-49b2-a6b4-b0d24211957d/state.js
https://consent.cookiebot.com/logconsent.ashx?action=decline&nocache=1663805371956&cbid=6c644bae-8146-49b2-a6b4-b0d24211957d&cbt=leveloptin&hasdata=true&referer=elmah.io
https://elmah.io/bundles/script.min.js?v=CRq010U7GeLQhkl31zFOpql_8DKWpYSfvGDoDsEBCzA
https://elmah.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
https://elmah.io/bundles/api.min.js?v=qYZ8g2kPnH9mEbA4rBUtGLPS3S0j5hpdU2AWjHgSc44
https://elmah.io/bundles/configvalidator.min.js?v=wxq3kG82XhWksz_bKUhHcN0_iwWj_X7tfa6Dp9QSxVw
https://elmah.io/bundles/stacktraceformatter.min.js?v=lCRlGh66_oMqmQ2nqPY0kOsiMCmQV-zeVQW39qMv0i0
https://elmah.io/bundles/webconfigtransformationtester.min.js?v=SlKbqFzNYKuWm7CyGHJXcyjAi2yK1Q2VuuOOmk0Nhfc
https://elmah.io/bundles/heartbeats.min.js?v=mawU19005w22s-lZj962K_XPj929SNIb1oR1OsCYYBU
https://js.intercomcdn.com/frame-modern.263d2f7f.js
https://js.intercomcdn.com/app-modern.2fdd9c76.js
https://js.intercomcdn.com/shim.latest.js
https://js.intercomcdn.com/vendor-modern.91c3f416.js
https://js.intercomcdn.com/app~tooltips-modern.9ccd3253.js
https://js.intercomcdn.com/vendors~app-modern.fd31d976.js
https://js.intercomcdn.com/vendors~app~tooltips-modern.fbf0ddbe.js
https://elmah.io/bundles/appsettingsvalidator.min.js?v=1rs6aZF91-dpS-y2C7TK9tWjXAxbyQzj2SWrLgAVr_M
https://elmah.io/bundles/multilinestringconverter.min.js?v=OkZflAASwAtBmV3EV8Ke45j-iO2EPnjSfE67gxUyht4
https://elmah.io/bundles/jsonformattervalidator.min.js?v=1BUH3jhThFk37y2ji8eVmhXCkUYs1_6TQvl_eMZUM6c
https://elmah.io/bundles/appsettingstransformationtester.min.js?v=U2eBGlJod3tKyAMDEH6D7V1-A5Jqk6HwYok3TYU-5mk
https://elmah.io/bundles/base64imageencoder.min.js?v=uCmZHmV-vwJML23ZVOSuNpuC1rjRD2mBnK-3GXQNMQ0
https://elmah.io/bundles/md5encoder.min.js?v=jGhKqh0Suki1aioj-J_FCt75U5dwh8c05Ql9e8a46fQ
https://elmah.io/bundles/guidgenerator.min.js?v=HieWy4aKLXozv7RVQMODH5JxvcHMVBh7evF3DKSY_lw
https://elmah.io/bundles/xmlformattervalidator.min.js?v=PXILew8IVKZPOlle4C-aRMr4bIIfWc-S3Hc-9BhxDbU
https://elmah.io/bundles/csharpformatter.min.js?v=x8wDDwd-VsZbcSb1s_UE_cgOcc925X_-7L_KidPQY4Y
https://elmah.io/bundles/w3cextendedlogfileformatviewer.min.js?v=Wm4fnZOKi0P1cQQlCa14ukGFcb3PhVFGTklEyy1rpSc
https://elmah.io/bundles/cronparser.min.js?v=b9gKFd38X0uSg5Pdf4vcoADOjIDLrCyuaruQvUvTvvs
https://elmah.io/bundles/exceptions.min.js?v=Cyb4T4ryKtpsF8eXwjQoxjYElcJveOcTqHblOQ2VwZo

OWASP Top 10:2021

The table below shows whether elmah.io has any vulnerabilities with a severity higher than or equal to 4.0 (CVSS v3.1) in any of the OWASP Top 10:2021 categories.

OWASP Top 10:2021 Category | Tested | Passed
A01:2021 – Broken Access Control
A02:2021 – Cryptographic Failures
A03:2021 – Injection
A04:2021 – Insecure Design
A05:2021 – Security Misconfiguration
A06:2021 – Vulnerable and Outdated Components
A07:2021 – Identification and Authentication Failures
A08:2021 – Software and Data Integrity Failures
A09:2021 – Security Logging and Monitoring Failures
A10:2021 – Server-Side Request Forgery (SSRF)

User Protection

Heyhack has scanned the HTTP headers set in the responses returned by elmah.io's web servers and has found that elmah.io uses 4 distinct headers to improve the security of the application.

Refer to the OWASP Secure Headers Project for more information.

Header | Status
Strict-Transport-Security | Present
X-Frame-Options | Present
X-Content-Type-Options | Present
Content-Security-Policy | Present

Heyhack is an automated penetration testing service that scans web applications and APIs for common vulnerabilities related to application security. Heyhack conducts comprehensive tests in accordance with the OWASP Web Security Testing Guide published by the Open Web Application Security Project, the leading body on web application security.
