Keep your business running through any disruption. Continuous replication and automated failover ensure industry-leading RPO/RTO across our Dubai, Fujairah, and Vienna data centers.
Security
Penetration Testing Policy
Bamboozle Web Services permits customers to conduct penetration testing and security assessments against their own resources hosted on Bamboozle infrastructure, subject to the conditions set out in this policy. Prior written authorization from Bamboozle is required before any testing begins.
Permitted activities
With prior written authorization, the following activities are permitted against resources you own on Bamboozle infrastructure:
- Vulnerability scanning of your own virtual machines and servers
- Penetration testing of your own web applications and APIs
- Network scanning of your own IP address ranges
- Social engineering tests targeting your own organization's users
- Security configuration reviews of your own infrastructure
Prohibited activities
The following activities are not permitted under any circumstances:
- Testing of Bamboozle's own infrastructure, control panel, or APIs
- Testing of any resources you do not own or have explicit authorization to test
- Any activity that could impact other Bamboozle customers including excessive bandwidth consumption, CPU usage, or network flooding
- Denial of service attacks of any kind
- Testing from Bamboozle infrastructure against external third-party targets
- Attempts to access, exfiltrate, or modify other customers' data
- Physical security testing of Bamboozle or colocation facilities
Requesting authorization
To request authorization for a penetration test:
- Email [email protected] with the subject line "Penetration Test Authorization Request" at least 5 business days before the planned test start date.
- Include the following information in your request:
- Your Bamboozle account name and primary contact email
- The IP addresses or hostnames of the resources to be tested
- The planned test start and end dates and times (including timezone)
- A description of the testing activities planned
- The name and contact details of the organization conducting the test
- Bamboozle will review your request and respond within 3 business days with approval or a request for additional information.
- Testing may only begin after you have received written approval from Bamboozle.
During the test
- You must stay within the scope approved in your authorization request
- You must keep the test traffic within levels that do not impact other customers or the shared infrastructure
- If our Security Operations team contacts you during the test, you must respond promptly
- Stop testing immediately if requested by Bamboozle for any reason
Reporting findings
If your penetration test uncovers a vulnerability in Bamboozle's own infrastructure or services (as opposed to your own resources), please report it responsibly through our Vulnerability Disclosure process rather than including it in your test report.
Policy violations
Penetration testing conducted without prior authorization, or that exceeds the approved scope, is a violation of our Acceptable Use Policy and Terms of Service. Bamboozle reserves the right to suspend or terminate services and pursue legal remedies in cases of unauthorized testing activity.
Contact Us
To request authorization or for questions about this policy, contact [email protected].