AWS Security Agent capabilities
AWS Security Agent provides three core security capabilities throughout your development lifecycle:
- Design security review — Reviews design and architecture documents to identify security risks. Upload documents through the web application, and the service analyzes them against your organizational security requirements, such as approved authorization libraries, logging standards, and data access policies. This helps you catch insecure designs and policy violations early in the development process, before they are implemented in code.
- Code security review — Analyzes code in your repositories and S3 sources to identify security vulnerabilities and violations of organizational security requirements across languages, frameworks, and architectures. Create code reviews in the web application to scan your full source code, or enable pull request comments to automatically review code changes in GitHub. AWS Security Agent provides specific remediation guidance and can automatically generate pull requests with code fixes for identified vulnerabilities, which helps enforce your security policies consistently across development teams.
- On-demand penetration testing — Discovers, validates, reports, and remediates security vulnerabilities in live web applications and APIs through tailored multi-step attack scenarios. Create a pentest in the web application by specifying the testing scope, authentication details, and target resources. AWS Security Agent builds application context from the source code and documentation you provide and executes multi-step attack chains to identify exploitable vulnerabilities that static analysis and conventional scanners miss. It also provides ready-to-implement code fixes and can create pull requests directly in your code repository, so you can resolve the vulnerabilities it finds faster.