Home
Learn
TutorialsTrainingKnowledge BaseReferenceJavaScript API
Build
ThemesData ConnectorsWidgets
Support
Ask UsAsk the CommunityReport a BugPolicies
Links
Cloud PortalAbout Verj.io
Login
Back

Verj.io Service Plan Security Assessment Policy

As a Verj.io Service Plan owner, you are responsible for carrying out security assessments on applications hosted in your Verj.io Service Plans.

Security Assessment

Security assessment refers to all activities undertaken to evaluate the effectiveness of the security controls in your Verj.io Cloud hosted applications, including:

  • Port scanning.
  • Vulnerability scanning/checks.
  • Penetration testing.
  • Exploitation.
  • Web application scanning.
  • Injection, forgery, or fuzzing activity performed against your applications.

Verj.io Service Plan Security Assessment

You may perform appropriate security assessments on applications hosted in your Verj.io Service Plans, without prior approval, if:

  • All security assessment activities comply with the Verj.io Acceptable Use Policy.
  • Our Support Helpdesk is informed of all security issues within 24 hours of their detection.
  • You provide details of your security assessment results upon request. All such information will be treated confidentially, but general and anonymised information may be shared with other Verj.io Service Plan owners to protect the security of the Verj.io Cloud.

Not Permitted Assessment Activities

The following activities are not permitted during a security assessment:

  • Denial of Service (DoS).
  • Distributed Denial of Service (DDoS).
  • Simulated DoS.
  • Simulated DDoS.
  • Port flooding.
  • Protocol flooding.
  • Request flooding. For example, login request flooding and API request flooding.

You are not permitted to conduct any security assessments of Verj.io Service Plans that are not part of your subscription.

You also are not permitted to conduct security assessments of the Verj.io Cloud’s services, features, or infrastructure. This includes the Verj.io Cloud Portal.

Use of Security Assessment Tools and Services

We offer significant flexibility in the security assessment tools and services that can be used to perform security assessments of your Verj.io Service Plans, while protecting other customers and ensuring quality-of-service across the Verj.io Cloud.

We do not limit the selection of tools or services used to perform security assessments of applications hosted in the Verj.io Cloud.

However, tools or services that include Denial-of-Service (DoS) or simulation of DoS attack capabilities must have the explicit ability to disable, or otherwise render harmless, that DoS capability. Otherwise, that tool or service may not be used for security assessments involving any part of the Verj.io Cloud, including Verj.io Service Plans.

A security assessment tool that solely performs a remote query of your Verj.io Service Plan to determine a software name and version, such as banner grabbing, for the purpose of comparison to a list of versions known to be vulnerable to DoS, is permitted.

It is the sole responsibility of the Verj.io Service Plan subscription owner to:

  • Ensure that the tools and services used to perform a security assessment are properly configured and successfully operate in a manner that does not perform DoS attacks or DoS simulations.
  • Independently validate that any tool or service used does not perform DoS attacks, or simulations of such, prior to any security assessment involving the Verj.io Cloud.
  • Ensure that contracted third parties perform security assessments in a manner that does not violate this policy.

Please note that the Verj.io Service Plan subscription owner is responsible for any damages to the Verj.io Cloud, or other Verj.io Cloud customers, caused by security assessment activities.