We use specialist security consulting firms to complete penetration tests - also known as PEN tests - on our infrastructure. These tests are White Box tests - where we give design documentation and information from our product engineers to support their testing. White Box testing, with this insider's technical knowledge, is the most likely way to uncover any issues.
Due to the extensive internal information made available to the testers in conducting these assessments, and the general nature of vulnerability testing, we do not provide full reports.
Our most recent PEN test was a thorough examination from the experienced PEN testing team from Cobalt.io.
Current and previous attestation reports a can be downloaded below. Any High or Medium issues reported have been addressed prior to the report being linked.