We are currently developing an OAuth app that integrates with Zoom’s API and preparing for its release on the Zoom Marketplace.
As part of the submission process for this release, the following requirement has been mentioned: “Red Team/Pentesting.”
We need to select a penetration testing service provider, but are there any specific conditions that are mandatory for the penetration testing to be conducted as part of the Zoom Marketplace review?
For example:
Is it necessary for the penetration testing service provider to have some form of authentication or certification?
Are there any specific requirements that must be included in the penetration testing report?
What are the specific areas that should be covered during the penetration testing?
I read a response stating that penetration testing is not mandatory in another context. Does that mean that only the results of SAST and DAST would be sufficient?
Thank you in advance for your assistance.