Artillery Pro Solution Security


Security is of paramount importance to us. If you have any questions or concerns, please contact us.

Contact us

Product Security

Security of Artillery Pro when running in a customer’s cloud environment is of utmost importance to us. Explicit design and architectural decisions have been taken to minimize risks and introduce no additional attack surface, such as:

  • No inbound connections from the outside are possible to any Artillery Pro components deployed in a customer’s cloud environment
  • No changes to firewall, security group, or WAF configurations are required to deploy and use Artillery Pro
  • Artillery Pro is deployed with industry-standard mechanisms (e.g. AWS CloudFormation on AWS), with deployment mechanism and configuration being auditable
  • Artillery.io components running in a customer’s cloud environment use IAM roles with access rules based on least privilege principles, and strictly scoped to only access the resources/sub-resources required for Artillery Pro’s functionality

Data Security

Artillery Pro is a self-hosted on-premise product which means that by design Artillery.io employees or contractors have no access to the following (but not limited to) user data:

  • IP addresses or hostnames of systems being tested, whether internal or external
  • Geographical location of those systems
  • Any static or dynamic data used by the tests, such as usernames, API keys, passwords, names, etc
  • Test scripts and definitions themselves, including any YAML/JSON files and custom JS code
  • Any other test metadata and configuration
  • Any other personally identifiable information (PII)