Amazon Inspector For Security Compliance
Written by Kay Ewbank   
Tuesday, 13 October 2015

Amazon has released an automated security assessment service that you can use to improve the security and compliance of applications deployed on AWS. It is currently in preview and by invitation only.

amazoninsp

Amazon Inspector is a new service that will assess applications for vulnerabilities or deviations from best practices. Once the assessment has been completed, you get a detailed report with prioritized steps telling you what to do to make the app more compliant. Vulnerabilities can be assessed before deployment or on apps running in a production environment. The way it works is that you deploy an agent onto the virtual servers you want to assess, select the tests you want to run, and execute the assessment.

The service is based on a knowledge base of hundreds of rules mapped to common security compliance standards and vulnerability definitions. Some of the built-in rules given as examples include checking for remote root login being enabled, or vulnerable software versions installed. The rules will be regularly updated by AWS security researchers. Rules include checks on how the app stacks up against best practices for authentication, network configuration, virtual machine settings, application settings, as well as OS configurations and patches. Inspector also checks against common security compliance standards (e.g. PCI), and vulnerabilities. The checks also include detailed recommended steps to remediate security issues.

Amazon Inspector also comes with APIs that you can use to carry out security testing while you’re developing and designing apps. You can select specific reports, run them and see the results. Amazon says Inspector can integrate with partner solutions like configuration management tools. The service includes SDKs consisting of libraries and sample code for various programming languages and platforms including Java, Python, Ruby, .NET, iOS and Android. The SDKs can be used to access to the Amazon Inspector service programmatically. There’s also an Amazon Inspector HTTPS API that lets you issue HTTPS requests directly to the service.

The service is fully integrated with AWS CloudTrail, so you can log of the security testing so that company compliance auditors can see what tests were performed and when, and what the results of those tests were. In addition to the built-in rules, you can create your own specifying the company standards and best practices for applications, and validate that applications are adhering to these standards.  

If you have an AWS account number you can sign up for an invitation for access to the Amazon Inspector Preview.  


aws

More Information

Amazon Inspector Preview

Related Articles

Amazon Web Services Adds API Gateway

Amazon Device Farm For Testing Across Devices

Amazon CloudWatch

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, FacebookGoogle+ or Linkedin.

 

Banner


Highlights Of The Europe 2024 PostgreSQL Conference
22/11/2024

This year's premium conference for PostgreSQL took place in Athens, Greece between October 22-25. The nice Athenian weather and cultural aspect aside, the conference was a big hit too.



C23 ISO Standard Is Here But You Probably Won't Read It
06/11/2024

At last ISO C23 has been published, but at $250 you probably aren't going to read it. Can we really tolerate this sort of profiteering on the work of others? This is worse than academic publishing!


More News

 

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 13 October 2015 )