Penetration Testing
Security testing policies and procedures.
QNSP testing
Internal testing
- Continuous automated scanning
- Regular penetration tests
- Red team exercises
Third-party testing
- Annual third-party penetration test
- Results available under NDA
Customer testing
Allowed testing
Customers may test their own tenant:
- API security testing
- Authentication testing
- Authorization testing
Requirements
- Notify security@cuilabs.io 5 days in advance
- Provide testing scope and timeline
- Use only your tenant
- No DoS/DDoS testing
- Report findings responsibly
Prohibited activities
- Testing other tenants
- Infrastructure attacks
- Social engineering QNSP staff
- Physical security testing
Bug bounty
Scope
- API vulnerabilities
- Authentication bypass
- Authorization flaws
- Data exposure
Rewards
| Severity | Reward |
|---|---|
| Critical | $5,000 - $15,000 |
| High | $1,000 - $5,000 |
| Medium | $500 - $1,000 |
| Low | $100 - $500 |
Reporting
Submit to security@cuilabs.io with:
- Detailed description
- Steps to reproduce
- Impact assessment
- Proof of concept
Vulnerability disclosure
- 90-day disclosure timeline
- Coordinated disclosure preferred
- Credit given to researchers