AWS Security ChangesHomeSearch

AWS securityagent documentation change

Service: securityagent · 2026-05-07 · Documentation low

File: securityagent/latest/userguide/perform-penetration-test.md

Summary

Clarified domain verification rules (sub-domains of verified domain are included) and provided examples for out-of-scope URL paths

Security assessment

Changes are clarifications about domain verification scope and testing exclusions. No evidence of addressing a specific vulnerability; improves operational accuracy without security implications.

Diff

diff --git a/securityagent/latest/userguide/perform-penetration-test.md b/securityagent/latest/userguide/perform-penetration-test.md
index aa2aceee6..30cd95d0d 100644
--- a//securityagent/latest/userguide/perform-penetration-test.md
+++ b//securityagent/latest/userguide/perform-penetration-test.md
@@ -78 +78 @@ Specify the verified domains that will be actively tested for security vulnerabi
-Only verified domains can be tested. The URL must match a domain you’ve previously verified in AWS Security Agent.
+Only verified domains can be tested. The URL must be under a domain you’ve previously verified in AWS Security Agent. Sub-domains of a verified domain do not require separate verification.
@@ -93 +93 @@ Only verified domains can be tested. The URL must match a domain you’ve previo
-For best results, include all domains that are part of your application’s user flow, including subdomains for APIs, authentication services, and content delivery.
+For best results, include all domains that are part of your application’s user flow, including subdomains for APIs, authentication services, and content delivery. Sub-domains of a verified parent domain do not require separate verification.
@@ -114 +114 @@ Excluding risk types limits the scope of testing. Only exclude risk types that a
-Specify URL paths that should not be tested during the penetration test.
+Specify URL paths that should not be tested during the penetration test. AWS Security Agent excludes the specified path and all paths nested beneath it. For example, if you add `https://example.com/admin` as an out-of-scope URL, `https://example.com/admin/tools` is also out-of-scope.
@@ -287 +287 @@ Provide instructions to guide AWS Security Agent through your application’s au
-  2. Enter detailed instructions describing how to access your application using the provided credentials.
+  2. Enter instructions describing how to use the provided credentials in your application’s login flow.
@@ -291 +291 @@ Provide instructions to guide AWS Security Agent through your application’s au
-The agent login prompt is useful for complex authentication flows, multi-step login processes, or applications with non-standard login procedures. Include step-by-step instructions such as "Navigate to /login, enter username in the 'Email' field, enter password, and click 'Sign In'."
+The agent login prompt tells the agent how to apply your credentials to your application. This is useful for complex authentication flows, multi-step login processes, or applications with non-standard login procedures. Include step-by-step instructions such as "Navigate to /login, enter username in the 'Email' field, enter password, and click 'Sign In'."