VTEX periodically performs vulnerability checks through recurring scanning and penetration tests (pen tests). These procedures allow us to evaluate the level of security maturity of our platform.
If necessary, you can run a penetration test on your own — provided you are authorized by VTEX — and report any vulnerabilities found. To assist with this, the VTEX Security team has updated the procedure merchants should follow to perform a penetration test in their store environment.
What has changed?
In summary, the new process for running penetration tests consists of the following steps:
- Submit a request to schedule a test through VTEX Support.
- Review and sign the confidentiality agreement before running any tests.
- Once the test is complete, share the results with the VTEX Security team.
For more detailed information on this procedure, see the Penetration tests and vulnerability notifications guide.
Why did we make this change?
We have updated the penetration testing procedure to ensure the platform is secure and checks are run securely, preventing unauthorized procedures and actions that could harm our customers.