AWS securityagent documentation change
Summary
Clarified domain verification rules (sub-domains of verified domain are included) and provided examples for out-of-scope URL paths
Security assessment
Changes are clarifications about domain verification scope and testing exclusions. No evidence of addressing a specific vulnerability; improves operational accuracy without security implications.
Diff
diff --git a/securityagent/latest/userguide/perform-penetration-test.md b/securityagent/latest/userguide/perform-penetration-test.md index aa2aceee6..30cd95d0d 100644 --- a//securityagent/latest/userguide/perform-penetration-test.md +++ b//securityagent/latest/userguide/perform-penetration-test.md @@ -78 +78 @@ Specify the verified domains that will be actively tested for security vulnerabi -Only verified domains can be tested. The URL must match a domain you’ve previously verified in AWS Security Agent. +Only verified domains can be tested. The URL must be under a domain you’ve previously verified in AWS Security Agent. Sub-domains of a verified domain do not require separate verification. @@ -93 +93 @@ Only verified domains can be tested. The URL must match a domain you’ve previo -For best results, include all domains that are part of your application’s user flow, including subdomains for APIs, authentication services, and content delivery. +For best results, include all domains that are part of your application’s user flow, including subdomains for APIs, authentication services, and content delivery. Sub-domains of a verified parent domain do not require separate verification. @@ -114 +114 @@ Excluding risk types limits the scope of testing. Only exclude risk types that a -Specify URL paths that should not be tested during the penetration test. +Specify URL paths that should not be tested during the penetration test. AWS Security Agent excludes the specified path and all paths nested beneath it. For example, if you add `https://example.com/admin` as an out-of-scope URL, `https://example.com/admin/tools` is also out-of-scope. @@ -287 +287 @@ Provide instructions to guide AWS Security Agent through your application’s au - 2. Enter detailed instructions describing how to access your application using the provided credentials. + 2. Enter instructions describing how to use the provided credentials in your application’s login flow. @@ -291 +291 @@ Provide instructions to guide AWS Security Agent through your application’s au -The agent login prompt is useful for complex authentication flows, multi-step login processes, or applications with non-standard login procedures. Include step-by-step instructions such as "Navigate to /login, enter username in the 'Email' field, enter password, and click 'Sign In'." +The agent login prompt tells the agent how to apply your credentials to your application. This is useful for complex authentication flows, multi-step login processes, or applications with non-standard login procedures. Include step-by-step instructions such as "Navigate to /login, enter username in the 'Email' field, enter password, and click 'Sign In'."