This is an old revision of the document!
Mastodon Vulnerability Testing: not permitted on Infosec.Exchange but might be allowed elsewhere
Infosec.Exchange is relied on by thousands of people so the Infosec.Exchange rules are designed to protect the service and the people who use it. Although the rules are not designed to discourage legitimate security research, please be aware that:
Rule #10: You may not do anything which may impact confidentiality, integrity or availability of Infosec.Exchange services, the infrastructure on which the service relies, the users of the service, or their data.
If you are looking for somewhere to test vulnerabilities of Mastodon, servers exist which are maintained specifically to allow this sort of testing:
| Domain | Maintainer | Description |
|---|---|---|
| https://cybervillains.com | Alex Stamos | This server was specifically built as a playground for security professionals to understand the security, privacy and safety issues of Mastodon. Unstable and crazy, as social media should be. |
@jerry has discussed the possibility of standing up two separate testing instances, federated only with each other.