Rules for Customer's Penetration Testing on Huawei Cloud

Purpose

  •

    These rules help you evaluate the security of your cloud services without affecting other Huawei Cloud customers or the infrastructure of Huawei Cloud. Your penetration testing on Huawei Cloud shall comply with rules on this page and requirements stated in Huawei Cloud Customer Agreement.

    Any penetration test that does not comply with these rules is considered unauthorized. We reserve the right to pursue legal action for such unauthorized penetration testing.

Applicable Scope

Applicable Scope

  •

    These rules apply only to customers who have purchased cloud services from Huawei Cloud. It does not include products or services in Huawei Cloud KooGallery.

Rules for Customer's Penetration Testing on Huawei Cloud

Rules for Customer's Penetration Testing on Huawei Cloud

Terms & Conditions

活动对象:华为云电销客户及渠道伙伴客户可参与消费满送活动,其他客户参与前请咨询客户经理

活动时间: 2020年8月12日-2020年9月11日

活动期间,华为云用户通过活动页面购买云服务,或使用上云礼包优惠券在华为云官网新购云服务,累计新购实付付费金额达到一定额度,可兑换相应的实物礼品。活动优惠券可在本活动页面中“上云礼包”等方式获取,在华为云官网直接购买(未使用年中云钜惠活动优惠券)或参与其他活动的订单付费金额不计入统计范围内;

Ok
  • Prohibited Activities

    ● Perform any type of DoS or DDoS tests.

    ● Perform automatic tests that may generate heavy traffic.

    ● Perform ARP spoofing, DNS hijacking, or poisoning attacks.

    ● Scan or test the data or other assets of other Huawei Cloud customers.

    ● Launch phishing or other social engineering attacks against Huawei employees.

    ● Perform any penetration testing on Huawei Cloud infrastructure.

  • Permitted Activities

    You can perform security evaluation and penetration testing on your service systems deployed on Huawei Cloud and Huawei Cloud services you purchase at any time.

  • Recommended Activities

    ● Huawei Cloud Managed Detection Response (MDR) is recommended for security evaluation and penetration testing.

    ● Security services in Huawei Cloud KooGallery are also recommended for security evaluation and penetration testing.

How to Report Security Issues to Us

Product security is very important to Huawei Cloud.

If you suspect that Huawei Cloud resources are being used inappropriately or encounter any security vulnerabilities in the Huawei Cloud website, products, or services, please email hwssecurity@huaweicloud.com. For a more effective response to your report, please provide supporting materials, such as vulnerability reproduction conditions, proof-of-concept code, the IP address of the resource being used inappropriately, and suspicious behavior logs, to help the security response team understand the issue thoroughly. During the vulnerability handling, Huawei Cloud will limit the vulnerability information to be transferred to the minimum scope that is necessary for fixing the vulnerability. We would appreciate it if you keep the vulnerability information confidential before a solution is available. We will reply to all feedback. You will receive a confirmation email within one working day of your initial feedback.