Using OWASP ZAP (and tools of the same purpose) on AWS EC2

Question

I am currently planning to do some web application vulnerability testing on an EC2 server with OWASP ZAP.

From my very quick google search, I found that AWS has stated that penetration testing services are allowed without approval (https://aws.amazon.com/security/penetration-testing/).

However, to double down, I am wondering if anyone in the community has done this without issue.

Thanks!!!

score 2 · Answer 1 · answered Feb 10 '21 at 09:40

2

Yes, I frequently ran ZAP scans in AWS while I was at Mozilla. They were of course all against apps that I was permitted to test. You should be fine unless someone complains - if they do that then Amazon are likely to send you a warning and then disable your account if you dont reply with a good explanation, or if it keeps happenning of course.

answered Feb 10 '21 at 09:40

Simon Bennetts

5,479
1
14
26

Thanks for the info Simon! I really appreciate it!!! – Sesario Imanputra Feb 11 '21 at 05:21
I would have written the same exact answer if it wasn't listed. – Mardin Yadegar May 18 '21 at 04:01

Using OWASP ZAP (and tools of the same purpose) on AWS EC2

1 Answers1