⚠ EDUCATIONAL TECHNICAL DEMONSTRATION · Public-domain mathematical models · No classified data · Source code under NDA · Not affiliated with any government or defense entity
BALLISTIC SIM QA · MIMETIC ZERO · SECURITY REPORT

OWASP ZAP
Automated Scan Report

Target: sakuranode.com · Date: 2025-05-05 · Tool: ZAP 2.15.0 · Mode: Passive + Active (standard) · Duration: 14m 32s · URLs: 47 · Requests: 3 812
✓ ZERO high-severity vulnerabilities · 47 URLs scanned · 3 812 requests sent
Scan Results

Risk Summary

HIGH RISK: 0
MEDIUM RISK: 3
LOW RISK: 12
INFORMATIONAL: 0
Medium Risk

Medium Risk Alerts

3 medium-severity findings from site-wide ZAP scan.

MEDIUM · Content Security Policy (CSP) Header Not Set
Affected: https://sakuranode.com/ · https://sakuranode.com/engineering-dashboard
MEDIUM · Missing Anti-clickjacking Header
Affected: https://sakuranode.com/
MEDIUM · Absence of Anti-CSRF Tokens
Affected: https://sakuranode.com/contact
Low Risk

Low Risk Alerts

12 low-severity findings — informational, no material risk.

LOW · X-Content-Type-Options Header Missing
Affected: https://sakuranode.com/ (14 URLs)
LOW · Strict-Transport-Security Header Not Set
Affected: https://sakuranode.com/
LOW · Cookie Without SameSite Attribute
Affected: https://sakuranode.com/ (__vercel_live_token)
LOW · Cookie Without Secure Flag
Affected: https://sakuranode.com/api/health-proxy
LOW · Permissions Policy Header Not Set
Affected: https://sakuranode.com/ (8 URLs)
LOW · Server Leaks Version Information via Server Header
Affected: https://sakuranode.com/ (server: Vercel)
LOW · Timestamp Disclosure - Unix
Affected: https://sakuranode.com/api/test-results
LOW · Cross-Domain JavaScript Source File Inclusion
Affected: https://sakuranode.com/ (Google Fonts)
LOW · Information Disclosure - Suspicious Comments
Affected: https://sakuranode.com/_next/static/ (2 files)
LOW · Modern Web Application
Affected: https://sakuranode.com/
LOW · Loosely Scoped Cookie
Affected: https://sakuranode.com/
LOW · Source Code Disclosure - /WEB-INF folder
Affected: https://sakuranode.com/ (false positive — Next.js)
E2E Security

Playwright — Security UI Tests

10 automated security scenarios run against the live ballistic-sim interface.

no sensitive coordinate data in console output · PASS
no JavaScript errors on landing page · PASS
no JavaScript errors on demo page · PASS
disclaimer banner visible on all pages · PASS
NDA mention visible on demo page · PASS
no classified designations in demo content · PASS
all targets are explicitly fictional · PASS
HTTPS link in security report · PASS
ZAP report shows 0 High vulnerabilities · PASS
page loads without mixed-content warnings · PASS
Coverage

Scan Coverage

47 URLs · 3 812 requests · Traditional Spider + AJAX Spider

https://sakuranode.com/ballistic-sim · scanned
https://sakuranode.com/ballistic-sim/about · scanned
https://sakuranode.com/ballistic-sim/demo · scanned
https://sakuranode.com/ballistic-sim/qa · scanned
https://sakuranode.com/ballistic-sim/security · scanned
+ 42 additional site-wide URLs