Penetration Testing and Network Scanning
Last updated 22 June 2020
Coordinated penetration tests and network security scans are allowed on Heroku.
Heroku does not require authorization of standard security and penetration tests. These tests should be low volume and not appear to be denial-of-service attacks. Any large volume testing must follow our load testing guidelines.
To report vulnerabilities related to Heroku, email email@example.com and firstname.lastname@example.org. Valid findings will be considered for compensation in accordance with our bounty program rules.