Does Chargebee support VAPT security?
How often Chargebee checks the Vulnerability Scanning & Patching?
Chargebee is committed to ensuring the confidentiality, integrity, and availability of the sensitive, and confidential data of the customers it collects, stores, or transfers.
Vulnerability Assessment and Penetration Testing (VAPT) describes a broad range of security assessments designed to identify and help address cyber security exposures across an organization's IT estate. The evolving tools, tactics, and procedures used by cybercriminals to breach networks mean that it’s essential to test your organization’s cyber security regularly. VAPT helps protect your organization by providing visibility of security weaknesses and guidance to address them.
Types of Scans
Internal VAPT (App & API)
External VAPT (App & API)
DAST (App & API)
We periodically check and apply patches for third-party software/services. As and when vulnerabilities are discovered we apply the fixes. We do periodic vulnerability scanning using the services of an authorized QSA.
Chargebee performs the VAPT assessment on a quarterly basis.
In addition, we also have an in-house security team who performs Vulnerability scans on a monthly basis.
Each API endpoint is manually tested against the vulnerability which includes the following modules,
BOLA (Broken Object Level Authorization)
Broken User Authentication
Excessive Data Exposure
Lack of resources & rate limiting
Broken Function level Authorization (BFLA)
Improper Asset Management
Insufficient Logging & Monitoring
Below are the major test cases validated when any module in the Chargebee Product undergoes a security assessment:
Insecure Server Configuration
Request Header based attacks
Refer to this link for more information.