You must apply for a license to conduct penetration tests for Alibaba Cloud products.

Background information

You must use your Alibaba Cloud account to submit an application for a penetration test license, or your application form cannot be completed. If you need to commission a third party to conduct penetration tests, obtain the penetration test license before notifying the third party to conduct the tests.
Notice You can conduct penetration tests only on the resources that you own. You are strictly prohibited from testing resources owned by other Alibaba Cloud services or by Alibaba Cloud.
During a penetration test, if you believe that there are potential security risks affecting Alibaba Cloud or other Alibaba Cloud services, report these to Alibaba Cloud within 24 hours by email (security@service.alibaba.com) with risk information attached. Do not make such potential risks public, and do not disclose them to third parties before 90 days have passed. Alibaba Cloud will keep any information you provide confidential. Without your permission, Alibaba Cloud will not share any such information with third parties.
Note When the penetration test license expires, authorization automatically terminates.
  • Early test termination: If you have finished the tests early, terminate the application record early.
  • Test extension: To extend the penetration test license, submit an application for the license again.

Procedure

  1. Log on to the Alibaba Cloud Security Control console.
    Note Move your cursor to the account icon in the upper-right corner of the Alibaba Cloud console, and click Security Console to go to the Alibaba Cloud Security Control console.
  2. Choose Apply > Penetration Test Permission. On the page that is displayed, click Apply for penetration test permission.
  3. Select the IP address type. You can select Classic public IP for ECS instances, VPC public IP (public IP addresses or EIPs of ECS instances in VPCs), or public IP addresses for Server Load Balancer instances. Enter the IP addresses for the penetration tests (the IP addresses must be asset IP addresses that correspond to your current Alibaba Cloud account). Click OK to add a list of IP addresses.
    Note You can enter a maximum of 10 IP addresses.


  4. Click Next. Fill out the application form, specifying the start and end dates of the test, the source IP address used for the test, the test content, and the test procedures.
  5. Click OK to submit the application for the penetration test license. In normal cases, you will receive a reply one work day after the application is submitted.
    Note If you finish the penetration test early, select the corresponding application record on the penetration test license page and click Early termination.