Security is a continuous investment for us. We’re sharing this note for transparency and to support your security review.

Scope (high level)
The assessment covered our web application and APIs (including the .NET gateway and Python processing API), authentication/authorization, payment and subscription flows, and data access controls across production and test environments.
Testing was aligned with common industry references, including OWASP Top 10 (2023), OWASP API Security Top 10 (2023), and the CWE/SANS Top 25 categories.

Summary of results
The assessment identified findings across different severity levels. We prioritized remediation of the highest-severity findings, then completed follow-up testing with Iterasec for the in-scope remediation items.

Compliance and audit readiness
This penetration test is a required component of our upcoming SOC 2 Type II external audit. Instafill.ai maintains compliance programs aligned with industry standards:

Why this matters
For teams in healthcare, legal, finance, and other regulated industries, third-party security testing is often part of vendor security review. You need clear, concrete evidence that the tools handling sensitive data are assessed against professional standards.

Full report available on request
The complete 102-page penetration test report is available to customers and prospects evaluating Instafill.ai for their organization. If you’d like a copy for compliance or security review, email us at [email protected].

Ongoing security
Security isn’t a one-time project. Beyond this penetration test, we maintain:
- Encryption in transit and at rest
- Centralized key management with scheduled key rotation
- Ongoing security reviews and risk-based assessments
- Secure development practices, including code review and remediation workflows

If you have questions about our security practices or need documentation for your compliance team, reach out anytime.