Solution Security
note
Security is of paramount importance to us. If you have any questions or concerns, please contact us.
Contact usProduct Security
Security of Artillery Pro when running in a customer's cloud environment is of utmost importance to us. Explicit design and architectural decisions have been taken to minimize risks and introduce no additional attack surface, such as:
- No inbound connections from the outside are possible to any Artillery Pro components deployed in a customer's cloud environment
- No changes to firewall, security group, or WAF configurations are required to deploy and use Artillery Pro
- Artillery Pro is deployed with industry-standard mechanisms (e.g. AWS CloudFormation on AWS), with deployment mechanism and configuration being auditable
- Artillery.io components running in a customer's cloud environment use IAM roles with access rules based on least privilege principles, and strictly scoped to only access the resources/sub-resources required for Artillery Pro's functionality
Data Security
Artillery Pro is a self-hosted on-premise product which means that by design Artillery.io employees or contractors have no access to the following (but not limited to) user data:
- IP addresses or hostnames of systems being tested, whether internal or external
- Geographical location of those systems
- Any static or dynamic data used by the tests, such as usernames, API keys, passwords, names, etc
- Test scripts and definitions themselves, including any YAML/JSON files and custom JS code
- Any other test metadata and configuration
- Any other personally identifiable information (PII)