1 Answer
0
For a standard penetration test where the tester is given a user login and the public URL of the web app, it does not matter where/how that app is hosted. The actions required to mitigate/remediate any findings might be different for an app running on AWS, but the test process itself should be the same.
For assessing the security of your AWS account more generally, there are a number of tools available:
- AWS Trusted Advisor provides a number of security checks including for public Snapshots and S3 Objects, potential IAM misconfiguration, and unrestricted security group rules.
- The Security Pillar of the AWS Well-Architected Framework, which provides guidance and recommendations to design and operate secure AWS workloads. You can also self-assess your current workloads by conducting a Well-Architected Framework Review from the AWS console.
- Other Security, Identity and Compliance services that can help you address your data protection, logging, monitoring, and incident response needs on AWS.
- Third party tools, such as the ones you identified in your post.
For further assistance you might also consider engaging with an AWS Security Competency Partner - these partners are vetted by AWS and have a proven track-record of helping customers improve their cloud security posture.
answered 3 years ago