...
On a yearly basis the application is subjected to manual penetration testing. Currently, we use Cobolt.io for this service, conducted by an external vendor. A summary of findings from the pentest vendor is produced and reviewed by the product team. Findings are summarized into four classifications that are aligned with the OWASP Risk Rating Methodology.
...