Amazon Inspector For Security Compliance
Written by Kay Ewbank   
Tuesday, 13 October 2015

Amazon has released an automated security assessment service that you can use to improve the security and compliance of applications deployed on AWS. It is currently in preview and by invitation only.

amazoninsp

Amazon Inspector is a new service that will assess applications for vulnerabilities or deviations from best practices. Once the assessment has been completed, you get a detailed report with prioritized steps telling you what to do to make the app more compliant. Vulnerabilities can be assessed before deployment or on apps running in a production environment. The way it works is that you deploy an agent onto the virtual servers you want to assess, select the tests you want to run, and execute the assessment.

The service is based on a knowledge base of hundreds of rules mapped to common security compliance standards and vulnerability definitions. Some of the built-in rules given as examples include checking for remote root login being enabled, or vulnerable software versions installed. The rules will be regularly updated by AWS security researchers. Rules include checks on how the app stacks up against best practices for authentication, network configuration, virtual machine settings, application settings, as well as OS configurations and patches. Inspector also checks against common security compliance standards (e.g. PCI), and vulnerabilities. The checks also include detailed recommended steps to remediate security issues.

Amazon Inspector also comes with APIs that you can use to carry out security testing while you’re developing and designing apps. You can select specific reports, run them and see the results. Amazon says Inspector can integrate with partner solutions like configuration management tools. The service includes SDKs consisting of libraries and sample code for various programming languages and platforms including Java, Python, Ruby, .NET, iOS and Android. The SDKs can be used to access to the Amazon Inspector service programmatically. There’s also an Amazon Inspector HTTPS API that lets you issue HTTPS requests directly to the service.

The service is fully integrated with AWS CloudTrail, so you can log of the security testing so that company compliance auditors can see what tests were performed and when, and what the results of those tests were. In addition to the built-in rules, you can create your own specifying the company standards and best practices for applications, and validate that applications are adhering to these standards.  

If you have an AWS account number you can sign up for an invitation for access to the Amazon Inspector Preview.  


aws

More Information

Amazon Inspector Preview

Related Articles

Amazon Web Services Adds API Gateway

Amazon Device Farm For Testing Across Devices

Amazon CloudWatch

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, FacebookGoogle+ or Linkedin.

 

Banner


Microsoft Open Sources GW-BASIC
27/05/2020

Microsoft has put the original 8088 assembly language sources  for its GW-BASIC interpreter from 10th February 1983 on GitHub in a repo marked "Archived". Although released under a MIT(OSI)  [ ... ]



Java At 25
22/05/2020

Java celebrates its 25th birthday on May 23rd 2020. It is a class-based, object-oriented, strongly-typed language known for its "write once run anywhere" philosophy. It is also regarded as the most wi [ ... ]


More News

 

graphics

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 13 October 2015 )