Hi I have been asked to establish how secure the app is and about penetration testing. I have searched the web and I cant find out any resources on this. I am looking to get the app adopted by by institution but before this can happen I need to establish if it can be penetrated and used to gain access to our VLE.
The whole point of the app is to gain access to your VLE
More seriously though, the app interacts with your VLE via Moodle's web service API. Because if this, there should be no additional security risk to your VLE from using the app, over and above having web services enabled.