A penetration test is an interactive security test undertaken to identify security vulnerabilities that are actually exploitable.

In accordance with Wellnomics Security Development Lifecycle (SDLC) Policies and Procedures Independent Penetration Testing is conducted annually on the latest version of Wellnomics SaaS (Wellnomics Risk Management).  This is done to ensure that Wellnomics solutions meets the highest standards for security, and provides customers with confidence that all efforts are carried out to avoid vulnerabilities in Wellnomics solutions.

Independent security specialists, Insomnia Security were engaged to perform a full penetration test on (pre-release) Wellnomics SaaS version 4.5.0  application and API on an Azure hosted server. The initial report found, one high, two medium and 7 low priority issues.

Following the initial test, a regression test was carried out by Insomnia Security, giving time for Wellnomics to evaluate and address the vulnerabilities according to Wellnomics security guidelines.

The regression test confirmed all high and medium security vulnerabilities had been removed from Wellnomics SaaS 4.5.0 Web Application and API on an Azure hosted server.  The version used for the regression test has since been released to clients.  

An official statement from Insomnia Security confirming the Application Security Review above is attached below.

Insomnia Security is a CREST Approved organization and a certified accredited member of CREST International, the Council of Registered Ethical Security Testers.