Penetration and vulnerability testing

Aha! takes security very seriously and proactively monitors and tests its network, data center infrastructure, and application. We conduct ongoing security reviews and under special circumstances we work closely with customers to conduct their own scheduled tests as well.

Aha! penetration and vulnerability testing

Aha! undergoes regular network perimeter scanning, web application vulnerability scanning, and web application penetration tests through leading third party providers. The scans and penetration tests are designed to preemptively notify us of any potential vulnerabilities. The scans and penetration test results can be shared with customers in the Enterprise+ plan. And due to how comprehensive they are, they typically satisfy IT and security teams that are interested in reviewing our security posture.

However, some IT teams are required to do their own vulnerability and penetration testing to maintain compliance with their internal policies. We can support that as well in special circumstances where customers are planning widespread use of Aha! in their organization.

Customer penetration and vulnerability testing

Aha! customers in the Enterprise+ plan may request to do their own penetration test and security vulnerability scan. Since penetration tests are often indistinguishable from network attacks, all customer-initiated tests must have permission requested and granted by Aha! senior technical staff prior to being run.

Please contact support@aha.io to request permission to schedule and run a scan. The technical team at Aha! will consult with your security review team to arrange a date and time for the tests to be run. The team at Aha! will also arrange a time and date for a review of any findings from your test as necessary.