I am new to IT so please forgive me for the dumb question:)
can dynamic scans be run against heroku apps and will it result in any configuration changes? – are there a set of heroku application-specific standards to review? meaning when evaluating an app security are there certain configurations i have to check for specific to apps hosted on Heroku? – what do you see organizations doing to approve Heroku as a platform? are you only depending on 3rd party reviews provided by heroku as in ISO and SAS certs or are there specific testing scope you execute against heroku platform to test and approve. doubt generally they allow each customer to run an audit on their environment. My assumption is instead Heroku provides the certs.
finally any credible resource you recommend i check for this information? also is there