Microsoft conducts regular penetration testing to improve Azure security controls and processes. In addition, OnePlan performs our own penetration testing and code scans before and after every production update.
We utilize Qualys for network penetration testing of our applications to verify there are no unknown risks. We also utilize the Security Code Scan extension for Visual Studio to scan our source code for code-level vulnerabilities.
We follow OWASP standards. As changes are made to our application and/or network settings, we re-scan to verify no issues have been created. If an issue has been created, we will resolve it before pushing it to production. If an issue is found in production, we will resolve it immediately.