External security testing
I work for a non customer facing home loan lender and we're looking at having an internal application we use to submit lending applications deployed to an external vendor so they can input the applications themselves and we get the data pumped to our system.
Does anyone have any experience with testing this sort of scenario and if so, what path did you take making sure the application was secure?
Re: External security testing
Do the threat modeling by yourself(if capable) or hire a professional.