# Penetration Testing Policy If you have a paid Nanonets subscription, you may conduct a security test of your model and API endpoints for your model. ### Submit penetration testing request To conduct a security test, please notify us in advance by writing an email to . Nanonets requires at least 14 days notice prior to your test's planned start date. If the test is isolated to your infrastructure (that is, there will be no testing of Nanonets services), you do not need to notify Nanonets. #### Information required Please provide the following information in the support ticket when requesting approval for testing: * The specific dates/times of the test and timezone * The high level scope of the test * IP address(es) the scan will come from * The Nanonets models(s) involved * Two (2) contacts who will be available during the entire test period in case we need to contact you. If we have any questions, we will make a reasonable attempt to contact you. If you cannot be reached, we reserve the right to take measures to protect the service, which may include shutting down or blocking your model and/or the source of the intrusion traffic. ### Test requirements Nanonets requires that: * The test be restricted to only your model(s) * You disclose any suspected findings to the Nanonets Security team for explanation/discussion ### Restrictions * You may not conduct any [load testing](/load-testing-policy.md) (such as Denial of Service testing) per the load testing policy. * You may not conduct any penetration testing targeting our management dashboard. Management and Authentication APIs are allowed. * You may not conduct any penetration testing targeting models that we have not approved. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://security.nanonets.com/penetration-testing-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.