Infrastructure testing

iProov welcomes our customers conducting penetration (PEN) and infrastructure security testing. We can work with you to ensure the best processes for fair and thorough testing.

Testing rules of engagement

Send iProov the following information about your test:

  • Timings and test window.

  • Emergency contact details of your testing team.

  • Tenants

  • SDKs and channels.

  • Type of testing.

  • Service provider names.

  • IP addresses from which we can expect testing traffic.

  • Third parties involved in the testing (provide contact details).

Important

  • Wait for approval from iProov before you start testing.

  • The iProov system includes elements designed to stop attacks and may prevent your test from proceeding. We can provide a way to test with these components deactivated. Let us know when you plan to perform your testing.

  • Testing should only occur with both client and server side iProov components implemented. Public demo apps shared by iProov are not suitable for this type of testing.

  • The backend integration must be in place to prevent session hijacking, man-in-the-middle attacks, and compromised handsets.

  • iProov will comply with any request for regular PEN testing and certification. We have previously used IT Governance but can use other auditing and testing organizations recommended or required to support your solution.

  • Share all findings with iProov after the tests have completed.

Next step

Usability testing