Penetration Testing

We are looking to use JotForm for a new project but require that it is penetration tested. Do you have any generic pen test results of the JotForm platform and do you have any objections to us arranging our own penetration test?

You can run your own penetration test and then please update us what the results are if you find anything. JotForm takes security very seriously.

- We have bug bounty programs where we pay outside parties for reporting vulnerabilities in our system.
- Our servers are protected by private networks and constantly updated and patched.
- Our system administrators have a collective 40+ years of industry experience.
- Our development team is encouraged to follow best security practices.
- All data transfer are made of 256-bit SSL secure connection.
- Our servers are located on SSAE16 Audited facilities.

You can also check our Privacy Policy Page and Terms of Use.

If you have any specific questions about security please let us know we are more than happy to answer them. 

Thanks for your reply. Please can you confirm how many different servers our forms could potentially be hosted on. I am concerned that we could pay to have a particular form pen tested and then the next day the form is hosted on a different server?

We host our forms on 3 different data centers managed by the following providers

Amazon Web services and Incero.

You can access the forms from any domain.

I have forwarded this information to our developers so as to keep them in the loop regarding the upcoming penetration testing from your side

Here is a list of regions and their respective domains

United States
jotform.us  and   jotform.com
 
Canada
jotform.ca

EU (European Union)
jotformeu.com

Asia
jotform.me

Africa
myjotform.com

S. America
jotformz.com

Other
jotform.co

Premium/Pro
jotformpro.com