AWS Security ChangesHomeSearch

AWS securityagent documentation change

Service: securityagent · 2026-03-07 · Documentation low

File: securityagent/latest/userguide/perform-penetration-test.md

Summary

Clarified that third-party domains must be 'accessible' for AWS Security Agent to use them during testing, emphasizing operational requirements without changing functionality

Security assessment

Change improves clarity about requirements for third-party domains but does not address a security vulnerability or introduce new security features. It maintains existing security boundaries by reiterating that third-party domains are not tested.

Diff

diff --git a/securityagent/latest/userguide/perform-penetration-test.md b/securityagent/latest/userguide/perform-penetration-test.md
index cdd00d2d8..005c40afc 100644
--- a//securityagent/latest/userguide/perform-penetration-test.md
+++ b//securityagent/latest/userguide/perform-penetration-test.md
@@ -143 +143 @@ Specify domains that are required for the test but are not targets for vulnerabi
-Add domains for third-party services (such as Okta, Auth0, Stripe) that are outside your target domain. This is required so AWS Security Agent can access these URLs for login and navigation during testing. AWS Security Agent does NOT penetration test these domains—they are used solely for access purposes.
+Add accessible domains for third-party services (such as Okta, Auth0, Stripe) that are outside your target domain. This is required so AWS Security Agent can access these URLs for login and navigation during testing. AWS Security Agent does NOT penetration test these domains—they are used solely for access purposes.