...
On a yearly basis, the ClinSpark web application, supporting applications (such as SparkPlug), and certain infrastructure components are subjected to manual penetration testing conducted by an external vendor. The testing takes place in a controlled environment created specifically for this purpose. Penetration testing is not performed on any customer environments or environments that contain sensitive data.
A summary of findings from the pentest vendor is produced and reviewed by the product team. Findings are summarized into four classifications that are aligned with the OWASP Risk Rating Methodology. We review and take action based on the classifications.
...