How is ONEiO's service security audited?

Objectives

• Evaluate the security of ONEiO service and find the risks and vulnerabilities associated with the software.
• Done manually at least yearly, automatically weekly
• Done by external auditor

Scope and methodology

• Evaluate the application level security from the outside of the system by utilizing the same interfaces as the users of the application
• Performed using a gray-box method, where the full architecture and source of the system are not completely known.
• The aim of the audit is to identify security problems related to the service, of which the most common ones are according to the OWASP Top Ten list.
• The assessment includes manual work of an expert for detecting characteristic vulnerabilities and logical errors in the system, in addition to using automated tools.