PEN Testing , Vulnerability scan SAST/DAST for ZOOM Apps

amit4 · January 13, 2023, 8:02am

Hi

This is Amit Porwal (CTO fogteams).

Recently we submitted APP on fogteams workspace. And we got a feedback as highlighted in italics

Thank you for your submission to be considered for our Beta program. In reviewing the content and information you shared, the Technical Design section indicated that you do not have a Secure SDLC process, do not conduct vulnerability scans (SAST/DAST), and do not perform ongoing pen testing for your application.

Your beta submission does not meet the minimum requirements for a beta url. We also require supporting evidence to demonstrate an adequate security posture for a beta url. We encourage you to follow through with our standard publication process to have your app shareable with others outside of your account.

This is marketplace link for our ZOOM app.

https://marketplace.zoom.us/develop/apps/zqmqMwTOTm2oHEPsxguo6w/credentials

Can you help us know which supporting documents are required for the secure SDLC process , as well as for Vulnerability scan SAST/DAST. If you can provide us with some sample documents as references that would be great.

Also we are in process of running PEN testing for our product which is a website deployed on AWS as a deployment host. Can you provide an example of what SORT of PEN testing can be performed on the AWS infrastructure from your recent experiences with various apps.
Any help is highly appreciated.

elisa.zoom · January 24, 2023, 10:06pm

Hi @amit4
Thanks for reaching out to the Zoom Developer Forum, I am happy to help here!
Sorry for the late reply here!
Have you been able to move forward with your request for a Publishable URL?
Please let me know if you need any help

Best,
Elisa

eng1 · April 4, 2023, 7:53pm

@elisa.zoom we had the same question, specifically what you require for the pen test (we are happy to meet the requirement, but because pen tests can be quite expensive, we don’t want to pay for more than what Zoom requires).

Thanks!

Naware · June 20, 2023, 7:48pm

@elisa.zoom I am having the same question. Can you give some more guidance to me.

kwaku.nyante · June 20, 2023, 9:38pm

Hello, @Naware please email marketplace.security@zoom.us for an answer on this. We do not want to provide an answer like this on a public forum due to specific vulnerabilities it can cause with our process in the future.

Regards, Kwaku

abhinandan · October 25, 2024, 7:51am

Hi,

I had the same issue and send email on the email id mentioned above but haven’t got any response , its been more than 48hrs .

kwaku.nyante · October 25, 2024, 7:47pm

Please make sure you provide your app details when you email the security team.

Regards, Kwaku

Topic		Replies	Views
Documents not required are requested in Functional Review App Marketplace	3	334	October 8, 2023
Zoom Marketplace app approval issue App Submission	3	23	October 21, 2024
Technical Design for Zoom OAuth app shareable URL/app submission App Submission	1	369	July 21, 2023
Penetration Testing Requirements for Zoom Marketplace App Submission App Submission	5	505	July 24, 2023
What kind of documents can act as an evidence for Zoom Marketplace secure software development process, SAST/DAST, 3rd part penetration testing? App Marketplace	2	488	May 20, 2023

PEN Testing , Vulnerability scan SAST/DAST for ZOOM Apps

Related Topics