This type of testing of services is done
Posted: Wed Feb 12, 2025 10:38 am
This process involves testing both the positive and negative aspects of a product’s functionality. To do this, Amazon uses both black-box and white-box methodologies. “In a white-box test, the testing team has access to the source code and documentation of the service, so they have a direct opportunity to intentionally break something,” Schmidt said. “In a black-box test, they test how the service appears to an outsider and what happens when someone tries to break it. I would say it’s a very specific job description, since the person is paid to break things. It’s an interesting task, since the engineer has to put themselves in the shoes of the attacker, imagining their mentality and behavior. They have to be very critical of the services and think about what damage a person with criminal intent could do to them.”
continuously during the build of applications for technical norway whatsapp data control. “This happens from the very beginning of the development process, when the first lines of code appear, right up until the moment the product is released and continues further as we re-test our services over time,” Schmidt added.
From the inside out
Many of AWS’s cloud services and products are equipped with security features and functionality that were initially built for internal use but are later released to the outside world. “When we talk to customers about how we approach certain security issues, they often ask how AWS addresses these issues in-house,” Schmidt says.
While many of the company’s customers are responsible for hundreds or thousands of systems, AWS’s assets are measured in numbers with many more zeros, and off-the-shelf security tools don’t always do the job. “We can’t use standard security tools in this environment, so we have to build our own tools that can scale horizontally in a very large way. As a result, we’re often tempted to take what we’ve built internally and push it out to the outside world,” Schmidt says.
As an example of such systems, he points to the company’s home-grown efforts to develop a machine-learning product that evolved into the recently launched AWS Macie service. The service uses machine learning to, for example, discover, sort, and classify data stored in AWS Simple Storage Service (S3), training it to find information that could identify users or corporate intellectual property and therefore might need additional protection.
continuously during the build of applications for technical norway whatsapp data control. “This happens from the very beginning of the development process, when the first lines of code appear, right up until the moment the product is released and continues further as we re-test our services over time,” Schmidt added.
From the inside out
Many of AWS’s cloud services and products are equipped with security features and functionality that were initially built for internal use but are later released to the outside world. “When we talk to customers about how we approach certain security issues, they often ask how AWS addresses these issues in-house,” Schmidt says.
While many of the company’s customers are responsible for hundreds or thousands of systems, AWS’s assets are measured in numbers with many more zeros, and off-the-shelf security tools don’t always do the job. “We can’t use standard security tools in this environment, so we have to build our own tools that can scale horizontally in a very large way. As a result, we’re often tempted to take what we’ve built internally and push it out to the outside world,” Schmidt says.
As an example of such systems, he points to the company’s home-grown efforts to develop a machine-learning product that evolved into the recently launched AWS Macie service. The service uses machine learning to, for example, discover, sort, and classify data stored in AWS Simple Storage Service (S3), training it to find information that could identify users or corporate intellectual property and therefore might need additional protection.