Skip to content

Add penetration testing policy #443

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Cieper wants to merge 6 commits into
base: master
Choose a base branch
from
+45 −0
Open

Add penetration testing policy #443

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
9ea90a4
Add penetration testing policy
Cieper Dec 31, 2025
4cfa05b
Merge branch 'master' into pentest-policy
Cieper Dec 31, 2025
80ccf9d
Fix filename
Cieper Dec 31, 2025
055355a
Fix formatting
Cieper Dec 31, 2025
dc14f2e
Fix formatting
Cieper Jan 6, 2026
b88df38
Merge branch 'master' into pentest-policy
Cieper Jan 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions docs/about-hypernode/security-policies/penetration-testing-policy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
---
myst:
html_meta:
description: Hypernode's policy for customers that wish to run a pentest on their
website
title: Penetration Testing Policy | Security | Hypernode
---

# Customer Pentest Policy

```{important}
This policy is for customers that wish to perform an external penetration test on their own hosting environment. For Unaffiliated third-parties that wish to test the Hypernode platform itself, we have a separate [Responsible Disclosure Policy](responsible-disclosure-policy.md).
```

At Hypernode, we support responsible security testing practices that help customers improve the safety and resilience of their hosted application, and our platform. Customers may conduct penetration tests on their own hosting environments under the following conditions and guidelines.

## Scope of Testing

Penetration testing is only permitted on the customer's *own* hosting space. Testing must not extend to, or affect, any other part of the platform or infrastructure managed by either Hypernode, or other Hypernode customers..

## Requirements

Penetration testing is allowed under the following conditions:

- All pentests must be performed by a reputable, experienced, party.
- You will [inform us](https://www.hypernode.com/en/support/) at least 72 hours ahead of time, and let us know the time, source IP(s) and target of the pentest.
- If the pentest causes, or discovers, any server side issues, you will share the full report of the pentest with us afterwards. You will keep these findings confidential, untill we've had the opportunity to assess and address the issue.

We do not allow pentests that:

- Rely on Social Engineering.
- Perform Brute Force testing.
- Test (D)DoS protection or -resilience.
- Test Physical Security of Datacenters, Offices, etc.
- May cause permanent damage to hardware or equipment.

You may wish to add the source IP's of the pentest to the [Hypernode WAF allowlist](./../../best-practices/firewall/ftp-waf-database-allowlist.md), to prevent our automated systems from affecting the test.

## Security Waivers

Hypernode explicitly gives its customers permission to test their own Hypernode hosting environment. If your penetration testing partner still requires a signed waiver, please [contact us](https://www.hypernode.com/en/support/).

# Hypernode's Own Pentest Policy

Hypernode performs regular penetration tests of both the Hypernode hosting platform, and its internal applications like the Hypernode Control Panel. Details about these penetration tests are available for customers [upon request](https://www.hypernode.com/en/support/).
Loading