Penetration Testing

  • Profile Image
    Asked on July 29, 2015 at 05:07 AM

    We are looking to use JotForm for a new project but require that it is penetration tested. Do you have any generic pen test results of the JotForm platform and do you have any objections to us arranging our own penetration test?

  • Profile Image
    Answered on July 29, 2015 at 06:22 AM

    You can run your own penetration test and then please update us what the results are if you find anything. JotForm takes security very seriously.

    - We have bug bounty programs where we pay outside parties for reporting vulnerabilities in our system.
    - Our servers are protected by private networks and constantly updated and patched.
    - Our system administrators have a collective 40+ years of industry experience.
    - Our development team is encouraged to follow best security practices.
    - All data transfer are made of 256-bit SSL secure connection.
    - Our servers are located on SSAE16 Audited facilities.

    You can also check our Privacy Policy Page and Terms of Use.

    If you have any specific questions about security please let us know we are more than happy to answer them. 

  • Profile Image
    Answered on July 29, 2015 at 11:54 AM

    Thanks for your reply. Please can you confirm how many different servers our forms could potentially be hosted on. I am concerned that we could pay to have a particular form pen tested and then the next day the form is hosted on a different server?

  • Profile Image
    Answered on July 29, 2015 at 01:49 PM

    We host our forms on 3 different data centers managed by the following providers

    Amazon Web services and Incero.

    You can access the forms from any domain.

    I have forwarded this information to our developers so as to keep them in the loop regarding the upcoming penetration testing from your side


    Here is a list of regions and their respective domains

    United States  and

    EU (European Union)



    S. America