Customer testing
Customers may request authorization to perform security testing against their own Cloudryption tenant or deployment. Testing must be coordinated in advance to protect service availability, other customers, and Cloudryption infrastructure.
Required approval
- Testing dates and time window.
- Source IP addresses and tester identity.
- Target environment and tenant.
- Testing methods and tools.
- Emergency contact and stop condition.
Prohibited testing without written approval
- Denial-of-service or resource exhaustion testing.
- Social engineering, phishing, or physical attacks.
- Testing against other customer tenants or shared infrastructure.
- Attempting to access data that is not owned or authorized by the customer.
- Destructive testing, malware deployment, or persistence installation.
Reporting vulnerabilities
Send reports to security@cloudryption.com with steps to reproduce, affected URLs or components, impact, and supporting evidence. Cloudryption triages reports according to severity and exploitability.
Third-party reports
Enterprise customers may request available security-test summaries or attestations under appropriate confidentiality terms. Full raw reports may be shared only where permitted by the applicable agreement and test provider restrictions.
Need this in your enterprise security review?
Cloudryption can provide a security packet, technical walkthrough, and pilot evidence pack for your evaluation process.