Hello, I was asked by a customer as for subj.
Does somebody has any ideas or info?
I understand SDK can have vulnerabilities. It is possible.
Obviously need to do some tests before it's release. I agree. Because possible SDK developer could do some stupid mistake. Why not?
So somebody should do some tests before release as for at least easiest tests for DOS attack and other vulnerabilities.

Did somebody have some experience about this? Could you share it?

Best regards, Dmitry

Hi Dmitry,

Client SDK does all kinds of regression and sanity before releasing it to the customer.

Can you please let us know if you found any issues?
What kind of vulnerability testing you are expecting?
Which platform you are using?

Can you please answer the above questions to help you in a better way?

Thanks,
Avaya DevConnect Team.

Any software can have vulnerabilities. There are various vendors in the market that specialize in vulnerability scanning software
https://www.google.com/search?q=tools+to+scan+software+for+vulnerabilities&rlz=1C1GCEA_enUS878US878&ei=9tQWYZ_IOKyu5NoP-MuiwAU&oq=tools+to+scan+software+for+vulnerabilities&gs_lcp=Cgdnd3Mtd2l6EAMyBQgAEM0CMgUIABDNAjIFCAAQzQIyBQgAEM0COgcIABBHELADOgQIABANOggIABAIEAcQHjoICAAQCBANEB46BQgAEIYDSgQIQRgAUJoZWMAjYPA4aAFwAngAgAG2AYgByQqSAQQwLjEwmAEAoAEByAEIwAEB&sclient=gws-wiz&ved=0ahUKEwifm9OY6q7yAhUsF1kFHfilCFgQ4dUDCA4&uact=5&safe=active&ssui=on

Of course any scan can have false positives that need tracked down and a determination made as to actual risk.

This isn't really a question related to APIs or Avaya products, the vendors that the Google search identified have similar forums and content related to how to, why, what to look out for, etc that should be used. Scanning Avaya software should be treated similarly to scanning any vendor's software solutions.

Beyond that, what type of information about vulnerability scanning are you looking for?