PEN Testing, Vulnerability scan SAST/DAST for ZOOM Apps

Hi

This is Amit Porwal (CTO fogteams).

Recently we submitted an app on the fogteams workspace, and we got feedback, as highlighted in italics:

Thank you for your submission to be considered for our Beta program. In reviewing the content and information you shared, the Technical Design section indicated that you do not have a Secure SDLC process, do not conduct vulnerability scans (SAST/DAST), and do not perform ongoing pen testing for your application.

Your beta submission does not meet the minimum requirements for a beta url. We also require supporting evidence to demonstrate an adequate security posture for a beta url. We encourage you to follow through with our standard publication process to have your app shareable with others outside of your account.

This is the marketplace link for our ZOOM app.

https://marketplace.zoom.us/develop/apps/zqmqMwTOTm2oHEPsxguo6w/credentials

Can you help us know which supporting documents are required for the secure SDLC process, as well as for the vulnerability scan (SAST/DAST)? If you can provide us with some sample documents as references, that would be great.

Also, we are in the process of running PEN testing for our product, which is a website deployed on AWS as a deployment host. Can you provide an example of what sort of PEN testing can be performed on the AWS infrastructure, from your recent experiences with various apps?
Any help is highly appreciated.

Hi @amit4,
Thanks for reaching out to the Zoom Developer Forum, I am happy to help here!
Sorry for the late reply here!
Have you been able to move forward with your request for a Publishable URL?
Please let me know if you need any help.

Best,
Elisa