-
Notifications
You must be signed in to change notification settings - Fork 39
Add penetration testing policy #443
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
9ea90a4
Add penetration testing policy
Cieper 4cfa05b
Merge branch 'master' into pentest-policy
Cieper 80ccf9d
Fix filename
Cieper 055355a
Fix formatting
Cieper dc14f2e
Fix formatting
Cieper b88df38
Merge branch 'master' into pentest-policy
Cieper 6bf2daf
Typo
Cieper File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
45 changes: 45 additions & 0 deletions
45
docs/about-hypernode/security-policies/penetration-testing-policy.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| --- | ||
| myst: | ||
| html_meta: | ||
| description: Hypernode's policy for customers that wish to run a pentest on their | ||
| website | ||
| title: Penetration Testing Policy | Security | Hypernode | ||
| --- | ||
|
|
||
| # Customer Pentest Policy | ||
|
|
||
| ```{important} | ||
| This policy is for customers that wish to perform an external penetration test on their own hosting environment. For Unaffiliated third-parties that wish to test the Hypernode platform itself, we have a separate [Responsible Disclosure Policy](responsible-disclosure-policy.md). | ||
| ``` | ||
|
|
||
| At Hypernode, we support responsible security testing practices that help customers improve the safety and resilience of their hosted application, and our platform. Customers may conduct penetration tests on their own hosting environments under the following conditions and guidelines. | ||
|
|
||
| ## Scope of Testing | ||
|
|
||
| Penetration testing is only permitted on the customer's *own* hosting space. Testing must not extend to, or affect, any other part of the platform or infrastructure managed by either Hypernode, or other Hypernode customers.. | ||
|
|
||
| ## Requirements | ||
|
|
||
| Penetration testing is allowed under the following conditions: | ||
|
|
||
| - All pentests must be performed by a reputable, experienced, party. | ||
| - You will [inform us](https://www.hypernode.com/en/support/) at least 72 hours ahead of time, and let us know the time, source IP(s) and target of the pentest. | ||
| - If the pentest causes, or discovers, any server side issues, you will share the full report of the pentest with us afterwards. You will keep these findings confidential, untill we've had the opportunity to assess and address the issue. | ||
|
|
||
| We do not allow pentests that: | ||
|
|
||
| - Rely on Social Engineering. | ||
| - Perform Brute Force testing. | ||
| - Test (D)DoS protection or -resilience. | ||
| - Test Physical Security of Datacenters, Offices, etc. | ||
| - May cause permanent damage to hardware or equipment. | ||
|
|
||
| You may wish to add the source IP's of the pentest to the [Hypernode WAF allowlist](./../../best-practices/firewall/ftp-waf-database-allowlist.md), to prevent our automated systems from affecting the test. | ||
|
|
||
| ## Security Waivers | ||
|
|
||
| Hypernode explicitly gives its customers permission to test their own Hypernode hosting environment. If your penetration testing partner still requires a signed waiver, please [contact us](https://www.hypernode.com/en/support/). | ||
|
|
||
| # Hypernode's Own Pentest Policy | ||
|
|
||
| Hypernode performs regular penetration tests of both the Hypernode hosting platform, and its internal applications like the Hypernode Control Panel. Details about these penetration tests are available for customers [upon request](https://www.hypernode.com/en/support/). | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.