Mastodon Vulnerability Testing: not permitted on Infosec.Exchange but might be allowed elsewhere
Infosec.Exchange is relied on by thousands of people so the Infosec.Exchange rules are designed to protect the service and the people who use it. Although the rules are not designed to discourage legitimate security research, please be aware that:
Rule #10: You may not do anything which may impact confidentiality, integrity or availability of Infosec.Exchange services, the infrastructure on which the service relies, the users of the service, or their data.
If you are looking for somewhere to test vulnerabilities of Mastodon, servers exist which are maintained specifically to allow this sort of testing:
| Domain | Maintainer | Mastodon Software | Description |
|---|---|---|---|
| https://bob.pwniverse.io | Jerry | Glitch-Soc | For security testing and maintained by Infosec.Exchange; Bob can only federate with Alice |
| https://alice.pwniverse.io | Jerry | Glitch-Soc | For security testing and maintained by Infosec.Exchange; Alice can only federate with Bob |
| https://cybervillains.com | Alex Stamos | Mastodon | This server was specifically built as a playground for security professionals to understand the security, privacy and safety issues of Mastodon. Unstable and crazy, as social media should be. |