Rules for Performing External Security Scans
This document constitutes terms of use of certain Nebius Services, forms an integral part of the Nebius AI Services Agreement ("Agreement"), and sets the procedure for External Security Scans by Customer.
Capitalized terms used herein but not defined herein shall have the same meanings outlined in the Agreement or Linked Documents.
Customers who store their software at Platform may conduct External Security Scans for it. External Security Scans may be performed by Customer independently or by Customer's contractors for whom Customer remains liable for their acts and/or omissions as if they were their own.
Conditions for performance of External Security Scans
-
External Security Scan (the "Testing") can only be performed against an order or by a Customer with an active payment account;
-
Testing should not be aimed at any other resources of other Nebius customers or any common components of the Platform infrastructure;
-
It is strictly forbidden to use any tool in such a way that they perform malicious activities including but not limited to:
- DDoS attacks L3/L4 or its imitation,
- TCP SYN Flood / UDP Flood / ICMP Flood / spoofed packet DDoS or simulation,
- Fragmented UDP / ICMP / TCP (Teardrop),
- ICMP Smurf,
- Amplification attacks (DNS / NTP / LDAP / memcached, etc.).
-
Any port must be scanned non-aggressively;
-
It is forbidden to access the media or data of other customers or to execute any container escape attacks (e. g. a Virtual Machine escape);
-
Testing must not violate the terms and conditions of the Agreement according to whereto Customer has acquired access to Platform;
-
If a testing company or Customer believes to have discovered a potential security issue related to the Platform, the Customer must report this to technical support within 24 hours;
-
In case of unintentional access to the Content of other customers by the testing company, such testing company shall immediately stop Testing and inform Nebius thereof within one hour;
-
Customer shall be liable for any damage caused to Nebius or other customers of Platform, as caused by Testing due to failure to comply with these rules or provisions of Agreement.
Any extra matters may be discussed with the Nebius technical support.
External Security Scan is performed by the Customer entirely at his own expense. Due to External Security Scan, Nebius is not liable for potential damages and Customer Content losses.
Web address: https://nebius.ai/docs/legal/pentest
Publication date: October 30, 2023