Run Vulnerability Assessment and Penetration Tests

If your company's security policies require that you perform vulnerability and penetration testing against Anypoint Platform, request a Security Assessment before proceeding.

Request a Security Assessment

To request a Security Assessment:

  1. Contact your MuleSoft Customer Success Manager to request the Security Assessment Request form and Security Assessment Agreement.

  2. Complete the request form and accept the agreement.

    For information required to complete the request form, see the knowledge article Complete the Security Assessment submission form.

  3. Send your completed Security Assessment Request form to securityassessment@salesforce.com.

    The automated system contacts you when your Security Assessment request is approved.

    Check your Spam folder for the automated reply before contacting Salesforce.

Run Penetration and Vulnerability Tests

Because penetration testing could interfere with other tenants, MuleSoft allows penetration testing on your workers but not on other Anypoint Platform services.

Salesforce does not address any vulnerabilities found with custom development. You must validate and fix any findings with your custom development.

Prerequisites

Before initiating penetration testing:

  • Enable static IPs for the app.

    By default, CloudHub workers do not use static IP addresses, so you can’t test them because their IP addresses might change. For information about how to enable static IPs, see Static IPs Tab Settings.

  • Assign a security resource at your company to review and validate findings from the tests.

Steps

After your Security Assessment request is approved, follow these steps:

  1. Run the penetration tests.

    The Security Assessment Agreement includes restrictions and requirements for testing.

  2. Have your security resource use the following documents to identify common false positives or security issues related to settings:

    You must complete this step before following up with Salesforce.

  3. Send any outstanding security vulnerability findings to security@salesforce.com.

    Include the following information in your email:

    • Confirmation number for your Security Assessment approved by Salesforce

    • Summary of all findings and associated severity level of each finding

    • Detailed assessment report noting each finding

    • Steps to reproduce the vulnerability

    • All applicable HTTP requests and responses

    • Explanation of why the example is considered a finding

    For more information about how to submit a security vulnerability finding, see the Security Vulnerability Finding Submittal Guide.
