Security testing

Testing is encouraged on any site going live on Silverstripe Cloud in order to understand your site’s ability to handle many concurrent requests and also to highlight any security flaws that may exist.

Before testing

Before testing begins we need to be made aware with at least 3 days notice. This notice period is so that we can adhere to AWS’ testing protocol - failure to alert us to a test or to test without approval will result in the testing IP addresses being blocked.

To notify us of your testing please send an email with the following information to

  • IP addresses where the testing will originate from. Please ensure that the external IP addresses of your testing service are provided and not private network IP addresses.
  • The amount of traffic intended to be generate during the test - provide GB or requests per second.
  • Name of the Silverstripe Cloud stack that will be tested against
  • The environment (Prod/UAT/Test) or domain that is intended to test against
  • If the site is using a WAF and the WAF is managed by Silverstripe, whether you would like your IP addresses whitelisted against the WAF in order to avoid the possibility of your IP addresses being blocked for suspicious activity
  • Requested testing dates and times
  • Contact details (phone number/email address) of the testers.

The three day period begins once all of this information is provided, we will then contact AWS to confirm the details and get approval for the test.