How is ONEiO's service security audited?

Objectives

  • Evaluate the security of ONEiO service and find the risks and vulnerabilities associated with the software.
  • Done manually at least yearly, automatically weekly
  • Done by external auditor

Scope and methodology

  • Evaluate the application level security from the outside of the system by utilizing the same interfaces as the users of the application
  • Performed using a gray-box method, where the full architecture and source of the system are not completely known.
  • The aim of the audit is to identify security problems related to the service, of which the most common ones are according to the OWASP Top Ten list.
  • The assessment includes manual work of an expert for detecting characteristic vulnerabilities and logical errors in the system, in addition to using automated tools.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.