Penetration tests for RStudio products


We recommend that customers do their own penetration tests of our products after they are installed and configured. The majority of security risks are related to how our products interface with internal systems such as databases. Internal tests ensure the integration points between RStudio products and your infrastructure are appropriately setup.

If you run a penetration test, please share your results with us. And if you encounter any issues you can send an email to Please check the Security FAQ for answers to many common security questions. 

RStudio Connect

An independent team has conducted a penetration test of RStudio Connect. As a policy, we do not share the results of that penetration test, but all medium and high-level risks were addressed.

RStudio Workbench / RStudio Server Pro

RStudio Workbench (previously RStudio Server Pro) has not been reviewed by an external penetration test.

Shiny Server Pro

RStudio does not have a penetration test report for Shiny Server Pro, but we have reviewed internal penetration tests from many customers who run their own tests.