Penetration testing

This document describes the aspects to consider while preparing and conducting a penetration test.

General considerations

Penetration tests are an integral part of improving the security of your application. We strongly encourage our customers and partners to conduct penetration tests, especially during go-live preparations and after major updates or project milestones.

Preparation for a penetration test

Let us know about your plans to run a penetration test by reaching out to secops@spryker.com and by completing the Penetration Test Request Form. Make sure to provide at least seven working days' notice. Take into account the AWS Penetration Testing Policy, which outlines prohibited activities.

A penetration test may get blocked by Web Application Firewalls (WAF) or other security mechanisms. Consider whitelisting the IPs used in a test. You can request WAF whitelisting by creating an Infrastructure Change Request on the Support Portal.