AWS securityagent documentation change
Summary
Added documentation for Verification Script section including instructions, environment variables handling, download process, and notes about AI-generated scripts requiring review before execution.
Security assessment
The change documents security verification processes but doesn't address a specific vulnerability. It enhances security awareness by emphasizing script review and responsible execution, but lacks evidence of fixing an existing security flaw.
Diff
diff --git a/securityagent/latest/userguide/review-penetration-findings.md b/securityagent/latest/userguide/review-penetration-findings.md index 5a0b1de03..54b85d288 100644 --- a//securityagent/latest/userguide/review-penetration-findings.md +++ b//securityagent/latest/userguide/review-penetration-findings.md @@ -192,0 +193,20 @@ If a finding displays the Unknown "This finding is not validated by AWS Security + 7. The Verification Script section provides an executable way to reproduce the finding. Expand this section (when available) to view: + + * **Instructions** – How to set up and run the verification script + + * **Environment variables** – Lists the required variables you must configure before running the script. Sensitive values are redacted for security. + + * **Download Script** – Choose to download the executable verification script + +###### Note + +Verification scripts are available only for confirmed vulnerabilities. The agent must have successfully generated and validated an executable reproduction script. + +###### Note + +Verification scripts are generated using generative AI. Review the script before execution and run it only against systems you are authorized to test. For guidance on testing AI-generated scripts responsibly, see the [AWS Responsible AI Policy](https://aws.amazon.com/ai/responsible-ai/policy/). + +###### Tip + +The verification script provides an executable way to reproduce the finding independently. Set the required environment variables with your own credentials, then run the script against your target system to confirm the vulnerability exists. + @@ -285,0 +306,2 @@ After reviewing your penetration test findings: + * Download, review, and run verification scripts in your test environment to test the scripts and identify vulnerabilities +