Pen Testing

[calumcraig]

Have started initial research into tests we can run against the Jenkins environment.

[calumcraig]

As our Jenkins infrastructure is hosted on AWS we checked their policy with regards to pen testing:

https://aws.amazon.com/security/penetration-testing/

DDoS testing is explicitly prohibited so we will not proceed with that line of tests.

We are mostly following these best practices to mitigate DDoS attacks so don't consider it to be high risk.

https://aws.amazon.com/answers/networking/aws-ddos-attack-mitigation/

[calumcraig]

Some thoughts / notes here: https://hackmd.io/s/HkHYGoR6N

[S-Coyle]

SSL server test results now showing an A+