Security Testing and Vulnerability Management

Third-Party Penetration Testing
Marketplace is built on the Moodle® framework, which benefits from ongoing security reviews and penetration testing conducted by a global user community — including organizations in military and banking sectors.

Vulnerability Scanning
We use third-party vulnerability scanning tools that continuously scan our systems for over 15,000 known security threats, including SQL injection, cross-site scripting (XSS), and insecure encryption configurations.

Intrusion Detection and Prevention
Marketplace servers are protected by firewalls and intrusion prevention systems (IPS) that block malicious activity. We also use anomaly-based intrusion detection systems (IDS) to monitor usage patterns and detect suspicious behavior.

Web Application Firewall (WAF)
All Marketplace traffic is routed through a Web Application Firewall (WAF) that provides an additional layer of protection against application-layer attacks. The WAF actively filters and blocks malicious HTTP requests, such as those attempting cross-site scripting (XSS), SQL injection, and other common web exploits. It also helps mitigate distributed denial-of-service (DDoS) attempts and enforces access control policies, ensuring only legitimate traffic reaches the platform.

Anti-Virus Protection
Marketplace employs anti-virus and anti-malware software to scan all uploaded files and system activity for known threats. Our virus definitions are updated continuously, ensuring the platform is protected against the latest viruses, trojans, ransomware, and other malicious software. This automated protection layer helps prevent infected files from being introduced into the system and complements our other real-time security controls.

Bug Bounty Program

Marketplace benefits from Moodle’s Bugcrowd program, a responsible vulnerability disclosure initiative that invites ethical hackers to report security concerns before they can be exploited.