Nanonets Security
Search…
Nanonets Security Home
Disaster Recovery
Password and Credential Storage
Autoscaling
Access Control
Encryption
Geography Specific Requirements
Data Retention Policy
Data Destruction Policy
Data Export and Transfer Policy
Penetration Testing Policy
Load Testing Policy
Security Incident Response Policy
Release Cycle
Business Continuity Policy
Availability Policy
Software Development Lifecycle Policy
Log Management Policy
Risk Assessment Policy
Onboarding and Termination
Powered By GitBook
Penetration Testing Policy
If you have a paid Nanonets subscription, you may conduct a security test of your model and API endpoints for your model.

Submit penetration testing request

To conduct a security test, please notify us in advance by writing an email to [email protected]. Nanonets requires at least 14 days notice prior to your test's planned start date.
If the test is isolated to your infrastructure (that is, there will be no testing of Nanonets services), you do not need to notify Nanonets.

Information required

Please provide the following information in the support ticket when requesting approval for testing:
  • The specific dates/times of the test and timezone
  • The high level scope of the test
  • IP address(es) the scan will come from
  • The Nanonets models(s) involved
  • Two (2) contacts who will be available during the entire test period in case we need to contact you. If we have any questions, we will make a reasonable attempt to contact you. If you cannot be reached, we reserve the right to take measures to protect the service, which may include shutting down or blocking your model and/or the source of the intrusion traffic.

Test requirements

Nanonets requires that:
  • The test be restricted to only your model(s)
  • You disclose any suspected findings to the Nanonets Security team for explanation/discussion

Restrictions

  • You may not conduct any load testing (such as Denial of Service testing) per the load testing policy.
  • You may not conduct any penetration testing targeting our management dashboard. Management and Authentication APIs are allowed.
  • You may not conduct any penetration testing targeting models that we have not approved.
Previous
Data Export and Transfer Policy
Next
Load Testing Policy
Last modified 1yr ago
Export as PDF
Copy link
Outline
Submit penetration testing request
Test requirements
Restrictions