This article describes some of the pentest requirements of different cloud hosting providers.
When you set up a test with our app, we'll share network details that your security professionals or cloud hosting providers may need.
Amazon AWS no longer requires explicit authorization to conduct penetration tests against systems hosted in their cloud. You can review Amazon's policies here: https://aws.amazon.com/security/penetration-testing/.
Cobalt has an NDA with AWS.
Google Cloud Platform (GCP)
GCP emphasizes that pentests:
- Must abide by the platform's Acceptable Use Policy and Terms of Service
- Do not affect the applications of other customers
For more information, see https://support.google.com/cloud/answer/6262505.
Heroku provides authorization instructions at https://help.heroku.com/pentest-requests/new.
Microsoft Azure does not require pre-approval to conduct a penetration test against resources hosted in their cloud. For more information, see https://technet.microsoft.com/en-us/mt784683.aspx.
Rackspace OpenStack encourages you to create a ticket in your account before running a pentest.
Third party contact information
Cobalt Labs, Inc
c/o Mindspace 575 Market St 4th Floor
San Francisco CA 94105 USA.
+1 (415) 651-7028