Question about penetration testing of marketing forms

Hi community,
 
We are currently using Dynamics 365 Customer Insights – Journeys. Our marketing team has created marketing forms and event registration forms, which are being embedded on our website for customers to register for events.
Recently, our security team asked whether these forms have been tested or implemented with security measures such as protection against cross-site scripting (XSS), SQL injection, and similar vulnerabilities—or if we need to implement these validations ourselves.
I would like to confirm whether the reports available on Microsoft Service Trust Portal include penetration testing for marketing forms.
How should we respond to this question from our security team?
 
Best Regards,
Binh.
  • Verified answer
    MVP-Daniyal Khaleel

    The marketing forms and event registration forms used in Dynamics 365 Customer Insights – Journeys are hosted and processed entirely within the Microsoft Cloud infrastructure. These forms are part of the Dynamics 365 platform, which inherits Microsoft’s enterprise-grade security framework and compliance controls.

    Microsoft performs regular penetration testing, code reviews, and security assessments on Dynamics 365 online services as part of their Software Development Lifecycle (SDL) and Operational Security Assurance (OSA) programs.

    Details of these assessments, including third-party audits, certifications, and penetration testing summaries, are available through the Microsoft Service Trust Portal under the Dynamics 365 and Microsoft 365 sections.

    It’s important to note that while the platform (including form rendering, submission endpoints, and data storage) is secured and tested by Microsoft, any custom JavaScript, HTML embedding, or third-party integrations added when embedding the forms on your website are considered customer responsibility. These should be reviewed and tested by our own security team for XSS, injection, or other vulnerabilities that could arise from local customization or embedding.

     
