others have alluded to PCI testing — but I think you need to ask the customer what this is about or what they are thinking.
if you system does NOT use credit cards or does not allow credit cards to pass through the system, then vulnerability testing might be a whole different kettle of fish.
If I recall, I think your world might mean HIPPA compliance for health care — I found this article online that mentions hippa .. I’m sure there are more.
if your system processes credit cards and it is vulnerability testing, then there are people who do probes of a network from the outside to see if the network has introduced more open ports. I’ve not heard the need every time you sent out a patch to an application, only time based such as ‘once a month’ or ‘once a quarter’ penetration scans into the network.
any way .. I suspect the request comes due to hippa compliance based on my recollection of what you do. thats the place to start.
see you at the third annual users conference
> On Dec 14, 2017, at 12:35 PM, Jock Philip <firstname.lastname@example.org> wrote:
> Anybody doing vulnerability testing in a client server environment?
> Have a customer that is requiring evidence of vulnerability testing on our software whenever we do updates. Oracle database, Studio 22.214.171.124, customer’s own network and their own server. Any examples, suggestions, tools or anything else of any help?
> Jock Philip [email@example.com
> 888.517.7779 x 3563
> Developers of OBserver OB/GYN Ultrasound Reporting and Image Archiving System
> Manage your list subscriptions at lists.omnis-dev.com
Manage your list subscriptions at lists.omnis-dev.com