I am working with a client who has requested the information to provide assurance that the platform is stable and secure before opening the shop up to the public. Is anyone able to support in providing further details on Shopify’s security and the steps and frequency within Shopify’s testing?
Topic summary
Request for deeper details on Shopify’s application security program to assure platform stability and security before a store goes public. Focus is on penetration testing scope and the concrete steps Shopify takes during testing.
Details sought:
- Specific testing procedures applied to a store’s setup (e.g., configuration/theme) and how these validate security controls.
- Test cadence: how frequently tests are performed and how often environments are re-tested.
- Clarification on scope: what areas are covered by Shopify’s testing versus what a merchant must handle.
Context: Initial “detailed insights” already reviewed did not include step-by-step methods or retesting intervals, leaving the client’s assurance needs unmet.
Outcome/status: No resolution yet. The poster is seeking official or community-backed documentation with methodology, scope, and frequency details, or further guidance that fills these gaps.
Thanks for the response. We’ve shared the detailed insights; however, they don’t cover the specific steps taken in testing the setup or how frequently they are retested. Ideally, we are looking for either more detail in the security and/or more detail in the testing against the security setup.
Thanks!