OneLogin Compliance Commitment

As a security-first company, data and privacy protection are our #1 priority.

Penetration Tests

Application penetration tests are performed by independent third parties on a quarterly basis. The objective of these tests is to help ensure that we discover potential security vulnerabilities in our app and steer clear of the OWASP Top 10 and the SANS Top 25. Testers are granted access to their own OneLogin account and the underlying source code, and we alternate the vendors that we use. We also perform ad hoc pen tests, as needed, when rolling out significant features or functionality that might not be covered by the periodic tests.

What’s the primary purpose of this initiative?

Penetration tests help OneLogin identify potential security vulnerabilities in our app, including those in the OWASP Top 10 and the SANS Top 25.

What’s the scope?

The core app is covered during every assessment, and additional services, including mobile apps and browser extensions, are focus areas on a rotational basis.

How often are you evaluated/audited?

Third-party penetration tests are performed on a quarterly basis.

Who is the primary audience?

OneLogin - internal use only

Responsible Disclosures

We take security seriously at OneLogin. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Report a vulnerability or view our Security Hall of Fame

Are you a Security Researcher?

We are always looking for talented individuals with security experience.