Help Center/
Well-Architected Framework/
Well-Architected Framework and Practices/
Security Pillar/
Cloud Security Governance Policies/
SEC01 Cloud Security Governance Policies/
SEC01-06 Identifying and Validating Security Measures
Updated on 2025-05-22 GMT+08:00
SEC01-06 Identifying and Validating Security Measures
Validate the security measures involved in the workloads based on the security baselines developed by the team and the results of the threat modeling analysis. Ensure the measures work as expected and effectively protect the system, mitigating or eliminating security threats.
- Risk level
High
- Key strategies
- Based on the security design documents of the system, verify that security measures are correctly integrated into the system and comply with best practices and standards.
- Review the system code as early as possible. (This process is called white-box security review.) Ensure the code complies with security best practices so that major vulnerabilities will not be left unresolved to subsequent phases.
- Use security test tools to perform tests such as static code analysis, dynamic code analysis, and vulnerability scan to detect potential security issues.
- Use attack simulation tools or techniques to simulate attack behaviors and analyze the security and weaknesses of the system.
Parent topic: SEC01 Cloud Security Governance Policies
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
