Security and compliance standards such as PCI-DSS, FedRAMP, FISMA, HIPAA and MARS-E 2.0 require strong, independent vulnerability assessments and penetration testing. Cloud-based applications hosted on commercial cloud services such as Amazon Web Services (AWS) fall within the scope of these requirements; the testing itself, however, requires careful definition of its scope and manner. External vulnerability assessments and penetration testing are increasingly required to satisfy both newer regulations such as the California Consumer Privacy Act (CCPA) and GDPR and mature standards such as FedRAMP, FISMA, HIPAA and PCI-DSS, all of which aim to ensure the confidentiality, integrity and availability of digital information. It is therefore essential to be well informed about vulnerability assessment and penetration testing requirements.

Key to beginning an effective external vulnerability assessment and penetration test is to define the scope and objective.

Scope of Vulnerability Assessment and Penetration Testing

The scope of the testing must be defined and should include specific parameters, including whether the focus is the code, the running application or the hosting infrastructure. One must also define whether accessing or probing administrative functions, privileged user access and management functions is in scope. Normally, the vulnerability assessment and penetration testing are performed against a non-production environment to avoid adverse impact on production operations.

Written by stackArmor

AWS cloud migration, managed services, security and compliance for HIPAA, FFIEC, ISO 27001, SOC 2, FedRAMP, FISMA and NIST standards.
