Penetration Testing
Running Penetration Tests at Pugpig
Table of Contents
Running Penetration Tests at Pugpig
We encourage our customers to run penetration tests - it helps us harden our systems. We normally have this happen between 1 and 3 times a year. If you wish to run one, please do let us know as we need to inform Fastly and supply them with information.
Ownership of Pen Tests
When you run a penetration test against our system, we encourage you to share the results with us so that we can remedy any issues. However, we will never share your test results (commissioned and paid for by you) with any other clients.
We do not commission our own penetration tests from external vendors. This means that we do not provide anything if a client asks us to provide penetration test results that they did not commision.
What We'll Need From You
For Fastly, we'll need to know the following:
- The source IP address of the test
- The date of the test
- The start and end time of the test, including the time zone
- The contact information for the individual or third party performing the test, including a phone number and e-mail address
- Whether or not the security test is likely to lead to significantly increased traffic volume
Read more about this here: https://docs.fastly.com/en/guides/penetration-testing-your-service-behind-fastly
Please also note that Amazon have now updated their policy. AWS customers are now welcome to carry out security assessments or penetration tests of their AWS infrastructure without prior approval for the services listed in the next section under "Permitted Services". All of Pugpigs' services fall under this.
We commit to immediately fixing any critical or high risk issues; medium and low issues will be considered, and addressed if appropriate. As pen tests are run by customers we aren't able to share full reports, but here are some highlights from past tests: