Running a Security Audit (aka Vulnerability Scan or Penetration Test) or Performance Test Against the SaaS API Management Product Suite

Document ID : KB000012933
Last Modified Date : 14/02/2018
Introduction:

Customers may have a requirement or desire to run a security audit or performance test against the SaaS API Management product suite, including SaaS Gateway nodes and SaaS Portal nodes.

Question:

What action is required before running a security audit or performance test against the SaaS API Management product suite? How can one be performed?

Environment:

This affects all SaaS-related products, including the SaaS API Gateway and SaaS API Portal.

Answer:

Every security audit, penetration test, vulnerability scan, performance test, etc. requires approval from CA Technologies before being run.

CA Technologies requires all customers looking to run such tests to create a new support case with CA Technologies Support and provide the following information related to a planned test:

  • Planned start and end dates (including times and the related time zone)
  • Contact information for the person conducting the test
    • Name
    • Title/Role
    • Phone number
    • Email address
  • An estimate of the amount of bandwidth expected to be used during the test
  • Tools that will be used for the test, including:
    • Specific details of which test mode will be used in the tool
    • What values will be set for the test, what parameters will be used
    • Why the test is being conducted, what is the expected outcome of the test
    • All other relevant information pertaining to the test

CA Technologies will then address the request as soon as possible and will respond with an authorization number and a timeframe for how long the approval is valid.

All requests to run security audits or performance tests against the SaaS infrastructure must be made to CA Technologies Support and approved before any tests are run. Any unauthorized test may result in unintended consequences, because CA Technologies must maintain the security and stability of the infrastructure for all of its customers.

Additional Information: