Five9 Security Program
We encourage responsible security research on the Five9 services and products. Upon prior written approval we permit you to conduct vulnerability research and testing on the Five9 Services to which you have authorized access. Requests are to be sent to [email protected].
In no scenario shall your research and testing involve:
- Accessing, or attempting to access, accounts or data that does not belong to you or your Authorized Users
- Any attempt to modify or destroy any data
- Executing, or attempting to execute, a denial of service attack
- Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages to any Five9 employee or contractor
- Testing third party websites, applications or services that integrate with Five9 Services
- Posting, transmitting, uploading, linking to, sending or storing malware, viruses or similar harmful software, or otherwise attempting to interrupt or degrade the Five9 services
- Any activity that violates any applicable law, or breaching any agreements in order to discover vulnerabilities
Issues not to Report
- Disclosure of known public files or directories (e.g. robots.txt)
- Banner disclosure on common/public services
- HTTP/HTTPS/SSL/TLS security header configuration suggestions
- Lack of Secure/HTTPOnly flags on non-sensitive cookies
- Phishing or Social Engineering Techniques
- Presence of application/web browser 'autocomplete' or 'save password' operations
- Sender Policy Framework (SPF) configuration suggestions
- DMARC configurations
- Clickjacking / UI Redressing
