Question
I would like to perform a penetration test. Do I need authorization from Zendesk?
Answer
No, you don't need authorization from Zendesk to perform a penetration test. You can perform this test anytime, but the Zendesk team recommends avoiding Thursdays. Zendesk usually runs deployments on Thursdays, which may cause scanners to report false positives or false negatives.
To do the test, you must abide by the terms of the Responsible Disclosure Policy and ensure you follow the HackerOne guidelines:
- No test likely to cause service outages for other tenants will be tolerated, such as DoS, DDoS, or RDDoS
- Social engineering Zendesk or sub-contractor activities aren't allowed
Once you complete the test, submit your results to security@zendesk.com so the team can identify any issues.
0 comments
Please sign in to leave a comment.