Penetration Testing Policy

This policy is effective August 1, 2017.

While conducting a security test of your own application it is not permitted to directly test Auth0 infrastructure (e.g. without prior approval. Please notify us in advance via the Auth0 support center. We do not need to be notified if the test is isolated to your infrastructure.

It is not permitted to conduct any load testing (e.g. Denial of Service testing) as covered by the load testing policy.

Hosted and on-premise private SaaS customers may request permission to run a penetration test via the Auth0 support center.