# Application Security

### Vulnerability Management

#### Vulnerability Scanning

We employ third-party security tools to continuously and dynamically scan our core applications against common web application security risks, including, but not limited to, the OWASP Top 10 security risks. We maintain a dedicated in-house product security team to test and work with development teams to fix any discovered issues. We also employ third-party security teams to perform detailed vulnerability scanning annually. eMudhra's Vulnerability Management document can be found [here](https://www.emsigner.com/trust-center/download/eMudhra_Vulnerability_Management_Process.pdf).

#### Third-party Penetration Testing

emSigner is tested intensively by our internal product and testing team before every major release. We also employ third-party security teams to perform detailed penetration tests annually.

### Employee Awareness & Training

**Secure Code Training**

All code that is written and published goes through an iterative development process with a focus on secure coding. Strong emphasis is placed on OWASP guidelines while developing the software.

**Quality Assurance**

Our Quality Assurance (QA) team reviews and tests our code base. We have a dedicated application security team that identifies and tests for security vulnerabilities and ensures that none remain in the code.

**Environments**

emSigner uses separate environments for production, staging, quality assurance, and development. The production and staging environments are isolated from each other, with dedicated QA and development environments, ensuring that code moves through a proper release process with a clear focus on DevOps practices.


