Penetration Testing and Network Scanning
Last updated 24 May 2019
Coordinated penetration tests and network security scans are allowed on Heroku.
Heroku does not require authorization of standard security and penetration tests. These tests should be low volume and not appear to be denial-of-service attacks. Any large volume testing must follow our load testing guidelines.
If you find any vulnerabilities in our platform or any add-on services, please submit them via our bug bounty.