Nested Knowledge will undergo penetration testing of its web application on an annual basis, unless this schedule is required to be revised by Nested Knowledge. An external security firm will test the web application to identify vulnerabilities. During the testing period, no software releases will be pushed, except releases with important bug fixes. Any vulnerabilities detected will be remediated promptly by the Nested Knowledge development team.
Each penetration test will follow these steps:
- Reconnaissance: gathering information before an attack
- Enumeration: finding attack vectors
- Exploitation: verifying security weaknesses
- Documentation: recording results
Testing History
The last penetration test was completed by a third-party vendor on May 28th, 2024.
Revision History
Author | Date of Revision/Review | Comments/Description |
---|---|---|
K. Cowie | 10/25/2024 | Reviewed |
K. Cowie | 05/04/2023 | Updated |
K. Kallmes | 04/10/2023 | Approved |
K. Holub | 06/24/2024 | Updated for annual pen test |