Penetration Testing and Network Scanning
Last updated 22 June 2020
Coordinated penetration tests and network security scans are allowed on Heroku.
Heroku does not require authorization of standard security and penetration tests. These tests should be low volume and not appear to be denial-of-service attacks. Any large volume testing must follow our load testing guidelines.
To report vulnerabilities related to Heroku, email firstname.lastname@example.org and email@example.com. Valid findings will be considered for compensation in accordance with our bounty program rules.