External Pen Test requirement when upgrading Angular to newer version

Hi all,
One of externally developed solutions is undergoing an upgrade from Angular 8 to Angular 13. Should we be requesting a Pen Test is completed as this is a major release in a way?

There are no additional changes incoming with the build to UAT. What are the parameters that should mean a Pen test is required?
I have had a look at How often should you perform security testing? - #6 by adystokes for example but not exactly called out.

In the absence of a completing a Pen test what should I request the supplier to complete in terms of their security testing?

Thanks in advance,


The vendor has agreed that yes as this is major release, a pen test will be completed. Appreciate any advice though on what changes in a system require a pen test for future reference :smile:

You should try bug bounty programs instead of pentests; continuous hacking & only pay for vulnerabilities instead of time.

Pentests are still nice, don’t get me wrong but compared to a bug bounty program, a pentest is …nothing :stuck_out_tongue:

1 Like