Start integrating with ONEiO for free!
SIGN UP

How is ONEiO service security assured?

Objectives

  • Evaluate the security of ONEiO service and find the risks and vulnerabilities associated with the software.

Penetration tests by external security companies

We strive to have yearly penetration tests done by external, independent security companies.

Scope and methodology

  • Evaluate the application level security from the outside of the system by utilizing the same interfaces as the users of the application
  • Performed using a gray-box method, where the full architecture and source of the system are not completely known.
  • The aim of the audit is to identify security problems related to the service, of which the most common ones are according to the OWASP Top Ten list.
  • The assessment includes manual work of an expert for detecting characteristic vulnerabilities and logical errors in the system, in addition to using automated tools.

Internal measures

  • Secure software development policy and related guidelines (part of our ISO 27001 certified Information Security Management System)
  • Automatic vulnerability scans
    • for known vulnerabilities in the used software libraries
    • potential security issues in ONEiO source code (Static Application Security Testing)
    • container images
    • Network setup
    • Virtual machine OSes

More comprehensive information can be found on ONEiO SaaS Security

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.