I have a planned release (multi-product deployment) that might be derailed because some one hasn't got "penetration testing" done (so may not get security clearance) in one important part of the solution.
The only details I have about the scope of this testing is:
Vulnerability Testing will cover Azure/SharePoint for web jobs.
Source O365 (SharePoint) ... Destination Azure .Net Services
Source Azure .Net Services ... Destination o365 (SharePoint)
I suspect that the quality of the .net code may be the biggest issue here, but assume this is written to stringent enterprise standards.
How risky can the "pen testing" be? Is it likely to result in a "no go" decision?
Should I be greatly concerned? or only moderately? or just a little? (explain why if you can)
(nb: I do not know what penetration testing actually does, nor do I know much about .net or Azure)