SEC06-05 Performing Penetration Testing
Penetration testing is a security assessment method that simulates attacker behavior and real attack scenarios to assess the security of systems, applications, or networks. It aims to discover security vulnerabilities, weaknesses, and potential security risks in the target system, helping organizations improve their security measures, harden systems, and protect them from real attacks.
- Risk level
  High
- Key strategies
  - Perform penetration testing on the entire system. You are advised to schedule penetration testing late in the development phase, so that all system functions are close to the expected release status, and to reserve enough time to resolve discovered issues.
  - Use a structured process to determine the scope of penetration testing, and keep test scenarios relevant by basing them on the threat models, to ensure a comprehensive assessment of system security.
  - Use tools to automate common or repeatable tests to speed up penetration testing and improve efficiency.
  - Analyze penetration test results to determine systematic security issues and provide useful information for further automated testing and developer training.
  - Provide training for developers and make sure they know what the penetration test results mean and where they can obtain fixes. This helps resolve security issues in a timely manner.