AWS securityagent documentation change
Summary
Added documentation for configuring custom HTTP headers during penetration tests, including steps to add/remove headers and default User-Agent behavior.
Security assessment
The change documents an optional configuration feature for penetration testing (a security activity) but shows no evidence of addressing a specific security vulnerability. It enhances security documentation by explaining header customization capabilities.
Diff
diff --git a/securityagent/latest/userguide/perform-penetration-test.md b/securityagent/latest/userguide/perform-penetration-test.md index 4e877ced8..f2eb6908f 100644 --- a//securityagent/latest/userguide/perform-penetration-test.md +++ b//securityagent/latest/userguide/perform-penetration-test.md @@ -157,0 +158,23 @@ Add accessible domains for third-party services (such as Okta, Auth0, Stripe) th +### Add custom HTTP headers (optional) + +Specify custom HTTP headers that will be added to any requests made by AWS Security Agent during penetration testing. + + 1. Locate the **Custom HTTP headers** section. + + 2. Click in the input field and enter a header name and value that will be associated with outbound requests. + +###### Note + +By default, AWS Security Agent will add a custom header for **User-Agent** set to **securityagent** unless a different custom **User-Agent** header value is specified. + + 3. To add multiple custom headers: + + 1. Click **Add header**. + + 2. Enter each additional custom header. + + 4. To remove a custom header, click **Remove** next to the header. + + + +