Penetration testing policy

Kontent.ai welcomes customers to perform penetration testing of their websites and infrastructure created utilizing Kontent.ai application, provided that they comply with this Policy.

Rules & conditions

The conditions in Vulnerability Disclosure Policy apply. 

In the scope of this Penetration Testing Policy:

• Customers’ content created with Kontent.ai application
• Deliver API (https://deliver.kontent.ai)
• Deliver API GraphQL (https://graphql.kontent.ai)
• Preview Deliver API GraphQL (https://preview-graphql.kontent.ai)
• Preview Deliver API (https://preview-deliver.kontent.ai)

The following rules apply: 

• Denial of Service attacks or attacks that can cause Denial of Service is prohibited. This includes flooding attacks, (Simulated) (Distributed) Denial of Service, and application-level Denial of Service. 
• Stress testing is prohibited.
• Attacks on other customers' environments are prohibited unless they have given explicit written consent. 
• Attack vectors that may lead to exposure of other customer’s data are prohibited.
• The maximum allowed number of requests sent is
  • 100 per second
  • 2000 per minute.
• Any discovered vulnerabilities that may affect the security of Kontent.ai application itself or other customers’ environments shall be reported immediately to security@kontent.ai.

If you seek to perform testing that would violate any of the rules and conditions outlined above, contact Kontent.ai Security Team at security@kontent.ai.

Legal terms

In connection with your participation in this program, you agree to comply with the Terms of Service | Kontent.ai, and all applicable laws and regulations, including any laws or regulations governing privacy or the lawful processing of data. Kontent.ai reserves the right to change or modify the terms of this Policy at any time.

Safe harbor

Kontent.ai will not initiate a lawsuit or law enforcement investigation against you in response to performing penetration testing if you fully comply with this policy.