Aha! takes security very seriously and proactively monitors and tests its network, data center infrastructure, and application. We conduct ongoing security reviews and under special circumstances we work closely with customers to conduct their own scheduled tests as well.
Aha! undergoes regular network perimeter and web application vulnerability scanning through leading third party providers. The scans are designed to preemptively notify us of any potential vulnerabilities. The scans can be shared with customers in the Enterprise+ plan. And due to how comprehensive they are, they typically satisfy IT and security teams that are interested in reviewing our security posture.
However, some IT teams are required to do their own vulnerability and penetration testing to maintain compliance with their internal policies. We can support that as well in special circumstances where customers are planning widespread use of Aha! in their organization.
Aha! customers in the Enterprise+ plan may request to do their own penetration test and security vulnerability scan. Since penetration tests are often indistinguishable from network attacks, all customer-initiated tests must have permission requested and granted by Aha! senior technical staff prior to being run.
Please contact firstname.lastname@example.org to request permission to schedule and run a scan. The technical team at Aha! will consult with your security review team to arrange a date and time for the tests to be run. The team at Aha! will also arrange a time and date for a review of any findings from your test as necessary.