# Application Security

### Vulnerability Management

#### Vulnerability Scanning

We employ third-party security tools to continuously and dynamically scan our core applications against common web application security risks, including, but not limited to, the OWASP Top 10 security risks. We maintain a dedicated in-house product security team to test and work with development teams to fix any discovered issues. We also employ third-party security teams to perform detailed vulnerability scanning annually. eMudhra's Vulnerability Management document can be found [here](https://www.emsigner.com/trust-center/download/eMudhra_Vulnerability_Management_Process.pdf).

#### Third-party Penetration Testing

emSigner is tested intensively by our internal product and testing team before every major release. We also employ third-party security teams to perform detailed penetration tests annually.

### Employee Awareness & Training

**Secure Code Training**

All code that is written and published goes through an iterative development process with a focus on secure coding. Strong emphasis is placed on OWASP guidelines while developing the software.

**Quality Assurance**

Our Quality Assurance (QA) team reviews and tests our code base. We have a dedicated application security team that identifies, tests, and ensures that there are no security vulnerabilities in the code.

**Environments**

emSigner uses separate environments for production, staging, quality assurance, and development. The production and staging environments are isolated from each other, with dedicated QA and development environments, thereby ensuring that code transitions through a proper release process with a clear focus on DevOps practices.
