DRAFT KB-XXXX Vulnerability Testing

In general, Appian does not prescribe qualifying methods or vulnerabilities. However, to ensure high quality in both disclosure and response, the assessment rules and the expressly prohibited activities are as follows:

Assessment Rules

  • All planned security testing by customers must be submitted to Appian Technical Support at least 24 hours prior to testing via a support ticket.
  • Results with evidence should be submitted to Appian Support via a support ticket.
  • If submitting raw scan results, customers are required to submit additional evidence validating the vulnerability. Validation of security scan results typically includes screenshots, script output, or independent techniques that demonstrate the existence of the vulnerability.
  • Appian recommends performing assessments against a test or development site whenever possible, rather than a production site.
  • Customers should only perform testing against their own sites.

Prohibited Activity

  • Attempting to assess or access a site, system, or data that does not belong to you.
  • Social engineering/phishing of Appian employees.
  • Persistent or disruptive attacks against a site or system (e.g. Denial of Service attacks).

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: January 2018