Render Penetration Testing Policy

Render customers are welcome to carry out security assessments or penetration tests of their own Render-hosted services without prior approval from Render. This helps customers identify and remediate vulnerabilities in their application environments.

Prohibited testing

Direct testing of Render's core infrastructure, APIs, or other services not provisioned for the individual customer's use is strictly forbidden without explicit consent from Render.

Testing of another Render user's infrastructure is not permitted without explicit consent.

Engaging in any form of Denial of Service (DoS) testing against Render infrastructure including customer environments is expressly prohibited. Render provides free DDoS protection to all hosted services, and violating this policy by attempting DoS attacks jeopardizes the security and availability of services across our platform.

Communicating with Render

If you discover a security issue within the Render product, please submit a report to our Vulnerability Disclosure Program immediately.

If Render detects abusive activities related to your security testing, we will reach out to you to stop your activities.