One of externally developed solutions is undergoing an upgrade from Angular 8 to Angular 13. Should we be requesting a Pen Test is completed as this is a major release in a way?
There are no additional changes incoming with the build to UAT. What are the parameters that should mean a Pen test is required?
I have had a look at How often should you perform security testing? - #6 by adystokes for example but not exactly called out.
In the absence of a completing a Pen test what should I request the supplier to complete in terms of their security testing?
Thanks in advance,