Open S-Coyle opened 5 years ago
As our Jenkins infrastructure is hosted on AWS we checked their policy with regards to pen testing:
https://aws.amazon.com/security/penetration-testing/
DDoS testing is explicitly prohibited so we will not proceed with that line of tests.
We are mostly following these best practices to mitigate DDoS attacks so don't consider it to be high risk.
https://aws.amazon.com/answers/networking/aws-ddos-attack-mitigation/
Some thoughts / notes here: https://hackmd.io/s/HkHYGoR6N
SSL server test results now showing an A+
Have started initial research into tests we can run against the Jenkins environment.