Penetration Testing

Penetration Tests (AKA Pen Tests) are automated security tests that can be performed to evaluate the security of a computer system.

We're occasionally informed by a customer, typically larger enterprises, that they're going to perform a pen test on their websites hosted by Aiir.

We don't object to this and there's no requirement to inform us in advance if you're going to do this.

However we know from experience that automated pen tests may easily get caught by our firewall and have their IP addresses quickly blocked by our automated systems.

Often what happens then is the person who is running the test contacts us and asks if the IP address being used by the test can be 'whitelisted' so it won't be blocked.

We may sometimes cooperate with these requests at our discretion, however we reserve the right to deny them.

Our systems are in place for a reason - to protect our infrastructure and to ensure the security and stability of our products and services for all of our customers.

In our experience, pen tests can be set up badly. Without any throttling in place, they can quickly send an enormous amount of traffic from a small number of IP addresses, threatening the stability of our services.

For this reason, we will err on the side of denying requests to be whitelisted. Conducting a test with a whitelisted IP address creates an unrealistic attack environment that no genuine threat would have the benefit of.