As an Enterprise Customer, you can perform penetration tests and vulnerability scans, as long as they are limited to your own cloud infrastructure. To avoid having these tests blocked by our protection mechanisms, OutSystems requests customers to submit a penetration test/vulnerability scan inquiry.
Performing Scans in your OutSystems PaaS Infrastructure
To perform penetration tests and vulnerability scans, you must request authorization to OutSystems at least 5 business days before the start date, for each test.
You should reach out to OutSystems Support and indicate the following information in the support ticket:
- Third Party Contact Information - If you will have a third party performing the test, please provide the Company Name, Your Contact at the Company, Phone and Email address.
- Scanning IP addresses (Source) - The IP addresses that will be scanning the infrastructure.
- Expected peak bandwidth - If you are using a commercially available vulnerability testing software, you can estimate Mbps per instance scanned.(eg. 5 Simultaneous scans x 100 Mbps = Peak Bandwidth 500Mbps)
- Dates and time zone for the tests:
- Start Date and Time (YYYY-MM-DD HH:MM UTC)
- End Date and Time (YYYY-MM-DD HH:MM UTC)
Please note, in case you need to change anything after your initial request, it will take 2 additional business days to provide confirmation.