We recommend that customers do their own penetration tests of our products after they are installed and configured. The majority of security risks are related to how our products interface with internal systems such as databases. Internal tests ensure the integration points between RStudio products and your infrastructure are appropriately setup.
If you run a penetration test, please share your results with us. And if you encounter any issues you can send an email to firstname.lastname@example.org. Please check the Security FAQ for answers to many common security questions.
An independent team has conducted a penetration test of RStudio Connect. As a policy, we do not share the results of that penetration test, but all medium and high-level risks were addressed.
RStudio Workbench / RStudio Server Pro
RStudio Workbench (previously RStudio Server Pro) has not been reviewed by an external penetration test.
Shiny Server Pro
RStudio does not have a penetration test report for Shiny Server Pro, but we have reviewed internal penetration tests from many customers who run their own tests.