elearningforce logo

Pen Testing

The Penetration Testing for LMS365 is conducted annually by IFCR, an independent company based in Denmark. Pen Testing for LMS365 should be read in conjunction with the Pen Testing carried out by Microsoft on the Azure platform.

The LMS365 Pen Test is limited to the LMS365 Application and does not include the Pen Testing of Microsoft Azure.

Executive Summary

Synopsis

It is our assessment, that the LMS365 application is implemented with a high degree of security and that it does not contain any known vulnerabilities, which can be leveraged to gain access to customer data or backend systems.

As the LMS365 application is highly integrated with the Microsoft Office 365 and Azure platforms, several key security features, including the authentication and authorization scheme, is inherited from this platform. The focus of the test was thus limited to the non Office 365 functionality available to the users of LMS365 to ensure maximum coverage of the LMS365 application and less on the standard Microsoft platform itself.

It should be noted that ELEARNINGFORCE was very responsive and observant during the test, which led to a better understanding of the setup and design choices. This also enabled a dialogue around some of the initial observations made during the test and whether these were in scope (LMS365) or out of scope (standard Microsoft functionality)

Key Findings

No high severity vulnerabilities were observed during the test.

To receive a copy of the complete Pen Test Report email trust@lms365.com