I am currently planning to do some web application vulnerability testing on an EC2 server with OWASP ZAP.
From my very quick google search, I found that AWS has stated that penetration testing services are allowed without approval ( https://aws.amazon.com/security/penetration-testing/ ).
However, to double down, I am wondering if anyone in the community has done this without issue.
Thanks!!!
Yes, I frequently ran ZAP scans in AWS while I was at Mozilla. They were of course all against apps that I was permitted to test. You should be fine unless someone complains - if they do that then Amazon are likely to send you a warning and then disable your account if you dont reply with a good explanation, or if it keeps happenning of course.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.