Guidelines for penetration tests
Updated this week

BlueConic recognizes the need for our customers to run periodic penetration tests. Advance permission from BlueConic is required, however, because penetration testing is frequently indistinguishable from prohibited security violations and application/network abuse.

Authorization for penetration tests from BlueConic

Permission can be requested by emailing [email protected] with the following information:

  • What BlueConic environment you want to test

  • Expected start and end dates/times

  • What type of tests will be run

We will respond to the request within 48 hours by email. When such a request is initiated, we (BlueConic) must request permission for the penetration test from Amazon Web Services (AWS), who must grant permission before the test can take place. Information shared with us will always be kept confidential with BlueConic.

If your request is accepted, you may conduct your testing through the conclusion of the period indicated. If you need more time for additional testing, reply to the email asking to extend your test period to the new date. We must again request permission from AWS at this point, and the extension is not authorized until a new confirmation is received from us.

To prevent potential adverse performance impacts on resources you may be sharing with others:

  • Penetration tests can only be done on the specified BlueConic environment.

  • (D)DoS tests are not permitted.

If suspected vulnerabilities are found, you can file a report by emailing [email protected]. So that we may more effectively respond to your report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understand the nature and severity of the vulnerability.

Once the report has been submitted, you will receive a non-automated response to your initial contact within 24 hours, confirming receipt of your reported vulnerability. BlueConic will then work to validate the reported vulnerability. If additional information is required in order to validate or reproduce the issue, BlueConic will work with you to obtain it. When the initial investigation is complete, results will be delivered to you along with a plan for resolution.

Please be aware that BlueConic uses AWS, who have their own policies:
