Security testing

Testing is encouraged on any site going live on Silverstripe Cloud in order to understand your site’s ability to handle many concurrent requests and also to highlight any security flaws that may exist.

Before testing

Before testing begins we need to be made aware with at least 3 days notice. This notice period is so that we can notify our vendors - failure to alert us to a test or to test without approval may result in tests being blocked / abnormal test results.

Please notify us of your testing plans with the following details where relevant:

  • IP addresses where the testing will originate from. Please ensure that the external IP addresses of your testing service are provided and not private network IP addresses.
  • The amount of traffic intended to be generated during the test - provide GB or requests per second.
  • Name of the Silverstripe Cloud stack that will be tested against
  • The environment (Prod/UAT/Test) or domain that is intended to test against
  • If the site is using a WAF and the WAF is managed by Silverstripe, whether you would like your IP addresses whitelisted against the WAF in order to avoid the possibility of your IP addresses being blocked for suspicious activity
  • Requested testing dates and times
  • Contact details (phone number/email address) of the testers.

The three day period begins once all of this information is provided, we will then contact our vendors to confirm the details and get approval for the test.

Was this answer helpful? Yes No

Sorry we couldn't be helpful. Help us improve this article with your feedback.