Is there a general statement that states One Identity does its own vulnerability testing?
One Identity performs regular application penetration testing to identify and mitigate potential security vulnerabilities:
Penetration Testing Practices
Applications are tested annually by independent third parties. These assessments are designed to detect vulnerabilities—particularly those listed in the OWASP Top 10 and SANS Top 25.
Testers are provided access to their own accounts and the relevant source code to perform a thorough evaluation.
Objective
The primary purpose of these penetration tests is to proactively identify and address security weaknesses in One Identity applications.
Scope
Core applications are always covered. Additional services such as mobile apps and browser extensions are included on a rotational basis.
Frequency
Third-party penetration tests are conducted once per year.
Audience
The reports are intended for internal use by One Identity.
For more information, please refer to the official compliance page:
One Identity Compliance
(See section: "Penetration Tests")
Additionally, for Identity Manager specifically, you can monitor security-related notifications here:
Identity Manager Alerts & Notifications
© 2025 One Identity LLC. ALL RIGHTS RESERVED.