Penetration Testing Requirements for Zoom Marketplace App Submission

We are currently developing an OAuth app that integrates with Zoom’s API and preparing for its release on the Zoom Marketplace.

As part of the submission process for this release, the following requirement has been mentioned: “Red Team/Pentesting.”

We need to select a penetration testing service provider, but are there any specific conditions that are mandatory for the penetration testing to be conducted as part of the Zoom Marketplace review?
For example:

Is it necessary for the penetration testing service provider to have some form of authentication or certification?
Are there any specific requirements that must be included in the penetration testing report?
What are the specific areas that should be covered during the penetration testing?

I read a response stating that penetration testing is not mandatory in another context. Does that mean that only the results of SAST and DAST would be sufficient?

Thank you in advance for your assistance.


Please reach out to our Marketplace security team for these types of answers. You can reach them via email:

Regards, Kwaku

Thank you for your response.
I will inquire as soon as possible.

Hello. Thank you for your response the other day.

Since then, I have sent two emails to, but I have not received any replies. Is there any other contact point where I can make inquiries?

Thank you.

Hello, @merge.naluo, can you resend the email and CC so I can let them know about the email received?

Regards, Kwaku

Hello, Kwaku.
I’ll try to get in touch.

I deeply appreciate your repeated and prompt responses.