PEN Testing , Vulnerability scan SAST/DAST for ZOOM Apps

Hi

This is Amit Porwal (CTO fogteams).

Recently we submitted APP on fogteams workspace. And we got a feedback as highlighted in italics

Thank you for your submission to be considered for our Beta program. In reviewing the content and information you shared, the Technical Design section indicated that you do not have a Secure SDLC process, do not conduct vulnerability scans (SAST/DAST), and do not perform ongoing pen testing for your application.

Your beta submission does not meet the minimum requirements for a beta url. We also require supporting evidence to demonstrate an adequate security posture for a beta url. We encourage you to follow through with our standard publication process to have your app shareable with others outside of your account.

This is marketplace link for our ZOOM app.

https://marketplace.zoom.us/develop/apps/zqmqMwTOTm2oHEPsxguo6w/credentials

Can you help us know which supporting documents are required for the secure SDLC process , as well as for Vulnerability scan SAST/DAST. If you can provide us with some sample documents as references that would be great.

Also we are in process of running PEN testing for our product which is a website deployed on AWS as a deployment host. Can you provide an example of what SORT of PEN testing can be performed on the AWS infrastructure from your recent experiences with various apps.
Any help is highly appreciated.

1 Like

Hi @amit4
Thanks for reaching out to the Zoom Developer Forum, I am happy to help here!
Sorry for the late reply here!
Have you been able to move forward with your request for a Publishable URL?
Please let me know if you need any help

Best,
Elisa

@elisa.zoom we had the same question, specifically what you require for the pen test (we are happy to meet the requirement, but because pen tests can be quite expensive, we don’t want to pay for more than what Zoom requires).

Thanks!

@elisa.zoom I am having the same question. Can you give some more guidance to me.

Hello, @Naware please email marketplace.security@zoom.us for an answer on this. We do not want to provide an answer like this on a public forum due to specific vulnerabilities it can cause with our process in the future.

Regards, Kwaku

1 Like