AWS Security Agent capabilities
AWS Security Agent provides three core security capabilities throughout your development lifecycle:
- Design security review — Reviews design and architecture documents to identify security risks. Upload documents through the web application, and the service analyzes them against your organizational security requirements. AWS Security Agent evaluates compliance with your defined security requirements such as approved authorization libraries, logging standards, and data access policies. This helps you catch insecure designs and policy violations early in the development process.
- Code security review — Analyzes code in your code repositories to identify security vulnerabilities and violations of organizational security requirements across languages, frameworks, and architectures. After connecting AWS Security Agent to your repositories, you can enable it to automatically review pull requests against your defined security requirements and provide specific remediation guidance directly in your code repository platform. This ensures consistent enforcement of your security policies across all development teams.
- On-demand penetration testing — Discovers, validates, reports and remediates security vulnerabilities in live web applications and APIs through tailored multi-step attack scenarios. Configure the service to create a pentest through the web application by specifying testing scope, authentication details, and resources. AWS Security Agent develops application context from provided source code and documentation and executes sophisticated attack chains to identify exploitable vulnerabilities that static analysis and conventional tools miss. It also provides ready-to-implement code fixes and creates pull requests directly into your code repository, enabling you to resolve vulnerabilities even faster.