Vulnerability and Penetration Testing

Describes how FMI Works uses third-party monitoring to ensure security against existing and nascent threats.

This article is for IT and security professionals.


FMI Works is a built-for-cloud product. This brings a heightened responsibility to secure it against cloud threats. In addition to development and policy-based security practices, it is necessary to independently check the outcomes of these efforts. This includes testing security using both manual and automated testing tools.

Regardless of how security issues are identified, we first triage issues using the established Common Vulnerability Scoring System (CVSS). Then, we remove the bugs and mitigate the risks in priority order, ensuring FMI Works remains safe and secure.

Penetration Testing

The gold standard of security is the manual penetration test. FMI Works has penetration testing performed annually by an independent auditor. This is a three-part exercise. First, "white-hat" hackers attack our system, looking for any avenue that would suggest a weakness in our software. FMI Works is then hardened against these latest attacks. Finally, the auditor validates our solutions. This is an exhaustive process that lasts for several months each year.

Vulnerability Testing

New attacks emerge more frequently than the penetration tests can identify. To stay protected throughout the year, the FMI Works products are checked weekly for vulnerabilities using third-party vulnerability scanning tools. This provides early warning against the most common threats with a scanning database that is constantly updated. When new threats are discovered, new features are released, or new best practices are defined, we have timely feedback to ensure the system stays secure.