Security testing your service behind Fastly

We understand the need for our customers to validate the security of their service behind Fastly.

To perform security testing of your Fastly service configurations, including penetration testing and DDoS testing, contact support at least two (2) business days before you begin any security testing. In your ticket, include these details:

• the IDs of the services that will be tested
• the source IP addresses of the test
• the date of the test
• the start and end time of the test, including the time zone
• the contact information for the individual or third party performing the test, including a phone number and e-mail address
• whether or not the security test is likely to lead to significantly increased traffic volume

The following requirements apply to any security testing you perform:

• Only test Fastly services you own or are authorized by the owner to test. You may not perform tests against other customers without explicit permission or against Fastly-owned resources.
• Do not begin testing until after Fastly has responded affirmatively to your ticket and authorized your request.
• Update the ticket if either the scope or timeframe of your testing changes.
• If you discover vulnerabilities in the Fastly platform during your test, update the ticket with your findings as soon as possible so we can address them.

Fastly maintains programs for security and technology compliance. To perform an independent audit of these programs, contact sales@fastly.com to discuss purchase of Assurance Services.