- Evaluate the security of the ONEiO service and find the risks and vulnerabilities associated with the software.
Penetration tests by external security companies
We strive to have yearly penetration tests done by external, independent security companies.
Scope and methodology
- Evaluate the application-level security from the outside of the system by utilizing the same interfaces as the users of the application.
- Performed using a gray-box method, where the full architecture and source of the system are not completely known.
- The aim of the audit is to identify security problems related to the service, the most common of which are those on the OWASP Top Ten list.
- In addition to automated tools, the assessment includes manual work by an expert to detect characteristic vulnerabilities and logical errors in the system.
- Secure software development policy and related guidelines (part of our ISO 27001 certified Information Security Management System)
- Automatic vulnerability scans
  - for known vulnerabilities in the software libraries in use
  - potential security issues in ONEiO source code (Static Application Security Testing)
  - container images
- Network setup
- Virtual machine OSes