No Cloud solution is without risk, so it is essential that customers have an accurate assurance of the level of risk associated with any solution they plan to implement. To provide this, Sensei undertakes regular security testing of the Sensei Hub products by CREST certified 3rd party auditors: Sense of Security.
Sense of Security was engaged to test the Sensei Hubs product externally via penetration testing and review the architecture internally.
Sensei has demonstrated progress in reducing our risk profile over time through the mitigation of previously highlighted issues.
Web Application Penetration Testing:
Azure Architecture Review:
- Web Application Penetration Testing: "It was identified that SPS has taken great care in designing the Sensei Hub application, with security being one of the main considerations throughout this process. SOS did not find any critical or high-risk items such as SQL injection, or cross-site scripting. Furthermore, access control issues such as forceful browsing, and parameter tampering that are typically found in new applications are not present. It is evident that SPS have leveraged their framework extensively in the design of the Sensei Hub application. Remediating items addressed in this report will only further increase the overall security of the Sensei Hub application, and improve SPS's security posture" Overall Risk Rating (Weighted Risk Average)
- Azure Architecture Review: "It was identified that SPS has implemented a robust and overall secure architecture for the Azure Environment that largely adheres to best practices." Overall Risk Rating (Weighted Risk Average)
Full reports and mitigation registers available on request after signed NDA.