We have been asked for ZAP or Burp penetration test scan report on the api.companieshouse.gov.uk endpoint.
Before embarking on the test, do you have policies relating to the use of penetration test tools or notifying you ahead of their use?
We do have policies regarding the use of the tools and notifying us in advance. We will require: -
Will private message you to continue the discussion.
I have a similar query. My security team are asking for assurances over the security of the Companies House APIs which will lead to us needing to test.
Are you able to share the information relating to this original query back in 2015?