How is ONEiO's service security audited?
- Evaluate the security of the ONEiO service and find the risks and vulnerabilities associated with the software.
- Done manually at least yearly and automatically weekly.
- Done by an external auditor.
Scope and methodology
- Evaluate the application-level security from outside the system, using the same interfaces as the users of the application.
- Performed using a gray-box method, where the full architecture and source of the system are not completely known.
- The aim of the audit is to identify security problems related to the service, the most common of which are those on the OWASP Top Ten list.
- In addition to automated tools, the assessment includes manual work by an expert to detect characteristic vulnerabilities and logical errors in the system.