# Safety Measures

To minimise the impact the pentest can have on your environment, the following safety mechanisms are in place.

{% hint style="success" %}
We strongly recommend launching the pentest in a staging, test or isolated environment.
{% endhint %}

## Preventing pentests outside of intended scope

By design, the pentesting agents cannot reach domains that have not been explicitly approved during the setup of the pentest. Two security boundaries are in place:

1. **Attackable domains:** Domains that can be actively attacked during the pentest.
2. **Reachable domains:** Domains that should not be actively attacked but that the agents are allowed to reach.

In the example configuration below, the pentesting agents can reach "portal.attack-me.com", "api.attack-me.com" and "login.attack-me.com" but are not going to attack "login.attack-me.com". All other domains are blocked.

<figure><img src="/files/nGwVhZ7ZKHem8HAqesba" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Note:** Requests containing static files or that are part of developer tool platforms are automatically marked as Allowed (but will not be attacked).
{% endhint %}
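
The two-boundary scope check described above, written as an added example with the domains from the text; it is not Aikido's code. The function names and the exact-hostname matching policy (a listed domain does not imply its subdomains or parent) are assumptions.

```python
from typing import Optional
from urllib.parse import urlsplit

# Scope from the example in the text: two attackable domains, one reach-only.
ATTACKABLE = {"portal.attack-me.com", "api.attack-me.com"}
REACHABLE = {"login.attack-me.com"}  # may be contacted, never attacked


def normalize_host(url: str) -> Optional[str]:
    """Return the canonical hostname of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased; userinfo ("user@") and port dropped
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    host = host.rstrip(".")  # "api.attack-me.com." names the same host
    try:
        # Compare in ASCII form so look-alike Unicode names never match.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return host or None


def classify(url: str) -> str:
    """Return 'attack', 'reach' or 'block' for an outgoing request URL.

    Assumption: exact hostname match only; anything not listed is blocked.
    """
    host = normalize_host(url)
    if host in ATTACKABLE:
        return "attack"
    if host in REACHABLE:
        return "reach"
    return "block"


if __name__ == "__main__":
    # Constructed sample URLs, including shapes that naive substring or
    # prefix checks would wrongly treat as in scope.
    for sample in (
        "https://portal.attack-me.com/account",
        "https://login.attack-me.com/",
        "https://portal.attack-me.com.unlisted.example/",
        "https://portal.attack-me.com@unlisted.example/",
    ):
        print(f"{classify(sample):6} {sample}")
```
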

## Cancel pentest any time

In case anything goes wrong during the pentest, the pentest can be cancelled at any time. This will terminate all ongoing actions and stop the pentest fully.

## Mitigating high server load

To minimize potential impact due to server load, the setup allows you to configure the maximum number of requests per second that the pentest generates and to choose whether it runs in or outside of business hours.

<figure><img src="/files/VWi8AavJyGQtU6w09yv5" alt=""><figcaption></figcaption></figure>


