To detect recently discovered or previously known vulnerabilities or weaknesses in the LMS365 platform, ELEARNINGFORCE uses different types of penetration testing techniques:
Dynamic Application Security Testing (DAST)
Veracode Dynamic Analysis (DAST) is used for automated penetration testing of the LMS365 application and underlying web applications during the QA process. This helps to find exploitable vulnerabilities and address any issues immediately, before any updates are pushed into staging and later into production.
3rd-Party Penetration Testing
The Penetration Testing for LMS365 is conducted at least annually by IFCR, an independent company based in Denmark.
The LMS365 Pen Test is limited to the LMS365 Application and should be read in conjunction with the penetration testing carried out by Microsoft on the Azure platform. This helps improve the LMS365 platform and guides actions in terms of improving security controls, introducing new security controls, and improving our security processes.
It is our assessment that the LMS365 application is implemented with a high degree of security and that it does not contain any known vulnerabilities that can be leveraged to gain access to customer data or backend systems.
As the LMS365 application is highly integrated with the Microsoft Office 365 and Azure platforms, several key security features, including the authentication and authorization scheme, are inherited from this platform. The focus of the test was thus limited to the non-Office 365 functionality available to the users of LMS365 to ensure maximum coverage of the LMS365 application and less on the standard Microsoft platform itself.
It should be noted that ELEARNINGFORCE was very responsive and observant during the test, which led to a better understanding of the setup and design choices. This also enabled a dialogue around some of the initial observations made during the test and whether these were in scope (LMS365) or out of scope (standard Microsoft functionality).
No high severity vulnerabilities were observed during the test.
To receive a copy of the complete Pen Test Report, email firstname.lastname@example.org