Purpose
These rules help you evaluate the security of your cloud services without affecting other Huawei Cloud customers or the infrastructure of Huawei Cloud.
Any penetration test that does not comply with these rules is considered unauthorized. We reserve the right to pursue legal action for such unauthorized penetration testing.
Applicable Scope
These rules apply only to customers who have purchased cloud services from Huawei Cloud. It does not include products or services in Huawei Cloud KooGallery.
Rules for Customer's Penetration Testing on Huawei Cloud
Prohibited Testing Activities
1. Perform any type of DoS or DDoS tests.
2. Perform automatic tests that may generate heavy traffic.
3. Perform ARP spoofing, DNS hijacking, or poisoning attacks.
4. Scan or test the data or other assets of other Huawei Cloud customers.
5. Launch phishing or other social engineering attacks against Huawei employees.
6. Perform any penetration testing on Huawei Cloud infrastructure and public services, including the official website, IAM, NTP, and DNS.
Permitted Testing Activities
You can perform security evaluation and penetration testing on your service systems deployed on Huawei Cloud and the Huawei Cloud service instances you purchase at any time.
How to Report Security Issues to Us
Product security is very important to Huawei Cloud. If you suspect that there are security vulnerabilities in the Huawei Cloud website, products, or services, contact us via channels and security mechanism we provide on the following page: http://www.cqfng.cn/eu/securecenter/security.html