Pentesting and ISO 27001

Hey there!

We have a possible client that wants to build an internal portal using WeWeb, and taking information directly from their APIs. They work with big clients so security is really important for them.

So they ask us for two requisites:

I really don’t know how to approach this conversation, as I think the certification would be on WeWeb's part and not the app itself, and I don’t know if pentesting is allowed when developing on WeWeb.

If not, any clues on how we can circumvent this?

I think there is a topic about something similar around the forum, where @Raphael is saying that they pentest WeWeb. As for the ISO, someone like Slavo from the team will definitely be able to tell.

If this is internal rather than external, you might be able to solve the problem through self-hosting too. That way you take WW out of the mix as a service provider, shrinking your attack profile. You run the software on your own controlled servers.