We use specialist security consulting firms to complete penetration tests on our infrastructure. These tests are White Box tests - where we give design documentation and information from our product engineers to support their testing. White Box testing, with this insider's technical knowledge, is the most likely way to uncover any issues.
Due to the extensive internal information made available to the testers in conducting these assessments, and the general nature of vulnerability testing, we do not provide full reports.
Our most recent PEN test was a thorough examination from the experienced PEN testing team from Cobalt.io. The attestation report can be downloaded below.