{"section":"announcements","requestedLocale":"en","requestedSlug":"2023-09-05-new-process-for-security-testing","locale":"en","slug":"2023-09-05-new-process-for-security-testing","path":"docs/en/announcements/2023/september/2023-09-05-new-process-for-security-testing.md","branch":"main","content":"VTEX periodically performs vulnerability checks through recurring scanning and penetration tests (_pen tests_). These procedures allow us to evaluate the level of security maturity of our platform.\n\nIf necessary, you can run a penetration test on your own — provided you are authorized by VTEX — and report any vulnerabilities found. To assist with this, the VTEX Security team has updated the procedure merchants should follow to perform a penetration test in their store environment.\n\n## What has changed?\n\nIn summary, the new process for running penetration tests consists of:\n\n1. Submit a request to schedule a test through [VTEX Support](https://supporticket.vtex.com/support).\n2. Review and sign the [confidentiality agreement](https://assets.ctfassets.net/alneenqid6w5/5iw8rN7CdSn7PHKvMMcO19/ab46ae4025d506e052dcef5974f9007f/Pentest_NDA_.zip) before running any tests.\n3. Once the test is complete, share the results with the VTEX Security team.\n\nFor more detailed information on this procedure, see the [Penetration tests and vulnerability notifications](/en/docs/tutorials/penetration-tests) guide.\n\n## Why did we make this change?\n\nWe have updated the penetration testing procedure to ensure the platform is secure and checks are run securely, preventing [unauthorized procedures](/en/docs/tutorials/penetration-tests#unauthorized-procedures) and actions that could harm our customers."}