I Pentested My Modernized Java App with AWS Security Agent

In Part 1, AWS Transform modernized the Spring Boot petclinic from Java 8 to Java 21 in a single agentic run—528 lines changed, 18 files, 100% build validation. The app was live. But a modernized app isn’t the same thing as a secure app.

So I pointed AWS Security Agent at the running petclinic and asked it to do what an attacker would: find every way in. This post documents the full experience—setup, the PR code review that fired automatically, the design review, and the live penetration test that found 3 Critical, 2 High, 3 Medium, 2 Low, and 3 Informational findings.

What is AWS Security Agent?

AWS Security Agent is an AI-powered security testing platform that runs penetration tests, code reviews, and design reviews against your applications. It deploys specialized AI agents through a four-phase approach: Preflight (connectivity validation), Static Analysis (code and configuration review), Penetration Testing (runtime vulnerability exploitation), and Finalizing (validation and reporting).

Unlike traditional scanners that pattern-match known signatures, the agent reasons about your application context—reading source code, understanding what each endpoint does, and crafting targeted multi-step attack scenarios. Every finding is validated through proof-based exploitation with reproducible attack paths.

Setting Up an Agent Space

AWS Security Agent is organized around Agent Spaces—workspaces that contain your security requirements, GitHub integrations, and test runs. Setup takes about 10 minutes.

Step 1 — Create an Agent Space

Navigate to AWS Security Agent in the console and click Set up. You configure the Agent Space name and choose user access: SSO via IAM Identity Center, or direct IAM-only access.

→ Set up AWS Security Agent — Agent Space named "Demo", SSO with IAM Identity Center selected. The agent creates an Agent Space and establishes a web application for design reviews and penetration tests.

Step 2 — Configure Security Requirements

AWS Security Agent comes with 10 managed security requirements based on industry standards, all enabled by default. These cover Authentication, Authorization, Audit Logging, Information Protection, Privileged Access, Secret Protection, Secure by Default, Tenant Isolation, and Trusted Cryptography.

→ Managed security requirements (10) — all enabled. Covers Audit Logging, Authentication Best Practices, Authorization Best Practices, Information Protection, Log Protection, Privileged Access, Secret Protection, Secure by Default, Tenant Isolation, and Trusted Cryptography.

Step 3 — The Agent Space Dashboard

Once set up, the Agent Space dashboard shows three capabilities: Design review (Ready), Code review (Needs setup), and Penetration testing (Needs setup). Each has its own configuration and integration path.

→ Demo Agent Space dashboard — Design review is Ready, Code review and Penetration testing need setup. Shows the web app URL and Admin access link.

Step 4 — Connect GitHub

For code review and pentest remediation, you connect a GitHub repository. Click Add integration, choose GitHub, and create a new registration linking the petclinic-legacy-demo repo.

→ Add integration modal — "Create new registration" selected, GitHub chosen for Issue tracking and Source repo integration.

Step 5 — Configure Pentest Domain

For the penetration test, you need to verify domain ownership. Navigate to Setup Pentest configurations and enter your target domain. AWS uses a DNS TXT record to confirm you own what you’re testing.

→ Setup Pentest configurations — Step 1: Configure domain. Target domain: vishnurachapudi.com, verification method: DNS TXT Record. Up to 5 domains can be added.

Step 6 — Manage GitHub Capabilities

When connecting the repo, you choose what the agent can do with it: code review analysis, pentest remediation, or both. I selected Security requirements and vulnerability findings—the most comprehensive option.

→ Manage capabilities — petclinic-legacy-demo repository connected (Public). Code review settings: "Security requirements and vulnerability findings" selected — analyzes PRs for both compliance and vulnerabilities.

PR Code Review — Automatic Security Scan on Merge

With the GitHub integration in place, AWS Security Agent automatically reviews pull requests. When the AWS Transform staging branch was merged into the main branch, the agent immediately picked it up.

→ Code review tab — GitHub org "vishnu" connected, petclinic-legacy-demo repository with Code review enabled. Security settings: Security requirements and vulnerability findings.

The pull request contained all 7 commits from the AWS Transform run (the 6 ATX Bot steps plus the initial aws transform commit). The security agent commented within seconds:

→ GitHub PR — Atx result staging PR #1, 7 commits, 19 files changed. aws-security-agent bot commented: "AWS Security Agent is reviewing your pull request and will post feedback shortly."

→ PR code review result — aws-security-agent bot: "No issues identified." The transformation changes passed the security review cleanly. No conflicts with base branch, ready to merge.

✅ The transformation PR passed clean. The AWS Transform agent produced changes that the security agent found no issues with—no hardcoded credentials, no insecure imports, no obvious vulnerabilities introduced by the migration.

Design Review — Architecture Analysis

Before the live pentest, I ran a design review. This is a static analysis of your architecture documentation against the 10 security requirements. You upload design files (Markdown, PDF, DOCX) and the agent evaluates compliance.

→ Create design review — name "demo", file "petclinic-architecture" (6.53 KB Markdown) uploaded for review against enabled security requirements.

The design review completed in seconds and returned a stark result:

→ Design review completed — 8 Non-compliant, 0 Insufficient data, 0 Compliant, 2 Not applicable. Files reviewed: petclinic-architecture (MD, 6.38 KB). Date completed: March 26, 2026, 22:56 UTC+5:30.

🚨 8 out of 10 security requirements: Non-compliant. The design review found violations across Authentication, Authorization, Log Protection, Secret Protection, Secure by Default, Tenant Isolation, Audit Logging, and Trusted Cryptography.

The 10 review findings showed every category as In Progress during analysis:

→ Review findings (10) — Log Protection, Secure by Default, Secret Protection, Trusted Cryptography, Information Protection, Authorization, Privileged Access, Tenant Isolation, Audit Logging, Authentication Best Practices — all In Progress.

The architecture document described a Spring Boot application with no Spring Security, open actuator endpoints, and no authentication framework—exactly what the design review flagged. This was the static signal before any live exploitation.

Configuring the Penetration Test

The live penetration test is configured in the AWS Security Agent web application. I named it "demo" and pointed it at the live petclinic URL.

→ Penetration test details — pentest name: "demo", Target URL: http://petclinc.vishnurachapudi.com:8080/, verified domain, no risk types excluded.

The agent supports 14 risk type categories. You can exclude any of them—I left all enabled:

→ Exclude risk types — full list: Arbitrary File Upload, Code Injection, Command Injection, Cross-Site Scripting (XSS), Insecure Direct Object Reference, JSON Web Token Vulnerabilities, Local File Inclusion, Path Traversal, Privilege Escalation, SSRF, SSTI, SQL Injection, XML External Entity.

As additional learning resources, I connected the petclinic-legacy-demo GitHub repository directly. This gives the agent access to source code context—improving coverage and precision for complex vulnerabilities.

→ Additional learning resources — Connected resources (1): petclinic-legacy-demo (Integrated repository, GitHub repository). "Create pentest" button to finalize.

After clicking Create pentest, the test was live immediately:

→ Pentest created — "The pentest has been successfully created." Demo pentest, Target URLs: 1 URL, Created: March 26, 2026, 22:54 (UTC+5:30). Status: No runs available yet, Start run button visible.

The Agent Runs — Live Attack Execution

Clicking Start run launches the agent. The four-phase pipeline begins immediately: Preflight, Static Analysis, Pentest, Finalizing.

→ Penetration test run overview — Job ID: pj-bb45c835-4ef0-4aa1-8e44-40dfc52047c1, Created: March 26, 2026, 22:54 (UTC+5:30), Status: In Progress, Duration: 14 seconds, Target: http://petclinc.vishnurachapudi.com:80. Four phase pipeline: Preflight, Static analysis, Pentest, Finalizing — all Not started.

Preflight: Infrastructure Setup

The agent first sets up logging infrastructure (CloudWatch log groups, S3), then validates endpoint accessibility. All checks passed—the petclinic was reachable and the testing environment was ready.

→ Pentest actions — Logging infrastructure setup: Succeeded. Setup testing environment: In Progress. Preflight validator (1): Endpoint accessibility validation: Succeeded.

The Agent Thinks Like an Attacker

What makes AWS Security Agent different from a scanner is the reasoning it applies. Here’s an example from the live task logs—the agent is validating whether hardcoded database credentials in config files pose a real risk, and it reasons through it explicitly:

→ Agent response log — "This is the Spring PetClinic application. The vulnerability report is about default credentials in configuration files. Key Question: Can I access the database using the default credentials petclinic:petclinic from my position as an external attacker? This is NOT about testing SQL injection — it's about whether the default database credentials pose a real security risk in this deployment."

The agent then probes database ports (3306 for MySQL, 5432 for PostgreSQL) with Python socket connections to determine reachability. It found them firewalled from the outside—so the default credentials finding was marked a false positive. That’s reasoning, not pattern matching.

49 Actions, Multiple Attack Categories

Over the course of the run, the agent executed 49 total actions across 15+ attack categories: network scanner, code scanner, information disclosure, authentication bypass, default credentials, security misconfiguration, IDOR, business logic vulnerabilities, cross-site scripting, SQL injection, command injection, code injection, path traversal, privilege escalation, and SSTI.

→ Actions panel showing 15+ action groups — Setup infrastructure (2), Preflight validator (1), Network scanner (2), Code scanner (3), Information disclosure, Authentication bypass, Default credentials, Security misconfiguration, Business logic vulnerabilities, and more.

Business Logic Testing In Action

The agent actively tested business logic edge cases, including race conditions in the pet name validation. Here it’s probing the duplicate validation bypass:

→ Business logic vulnerability validator task — "Validating State-Dependent Business Logic Vulnerable to Race Conditions". Task log shows agent checking for "help-inline" validation error in the HTML response using grep, confirming duplicate name validation behavior.

SQL Injection Testing

The owners endpoint was subjected to a comprehensive SQL injection battery. The agent created test records with payloads including Test' UNION SELECT NULL-- and Test'; DROP TABLE owners--, verifying they were stored as literals (not executed), confirming ORM parameterization works correctly:

→ Petclinic owners list showing SQL injection test payloads stored as literal names — "Test' UNION SELECT NULL--SQLInjectionTest", "Test'; DROP TABLE owners--SQLInjectionTest", "Test'--SQLInjectionTest". Stored as data, not executed — SQL injection not present.

→ SQL injection task log — Action group: Sql injection, Start time: 13:24, Duration: 4 minutes 1 second. Task description: comprehensive SQL injection assessment across all endpoints. Test Group 2: Pet and Visit Creation Forms, Test 2.1: Pet Name Field SQL Injection — Testing Baseline.

Command & Code Injection Testing

The agent ran 50 command injection payloads at 1 request per 0.6 seconds, testing separators, chaining, and encoding bypasses. Similarly for code injection:

→ Command injection log — 50 payloads tested including echo AGIYMZ$((69+52)), ||echo$IFSHCECZD$((65+26)), print(`echo WZLIFQ`) variants. Rate: 1 request per 0.6 seconds. Duration: 9 minutes 53 seconds.

→ Code injection log — Action group: Code injection, Duration: 5 minutes 39 seconds. Comprehensive assessment: SSI directives, XML/XXE, file upload bypass techniques, server-side code review for dangerous functions. Task logs (45): testing 500 error triggers, pet and visit form injection points.

The Attack Mess Left Behind

Because the petclinic has no authentication, the agent created test records freely as part of exploitation proof. The owners list became a visible record of every attack vector tested:

→ Owners page showing the full scope of pentest artifacts — XSS payloads like ">

🔎 The mess tells a story: every XSS payload, SQL injection string, SSTI template, and path traversal stored as literal text rather than executing confirms the application’s input handling is working. The findings came from architectural failures, not injection vulnerabilities.

13 Findings: What the Agent Actually Found

After the run completed, the Findings panel showed 18 total items (including false positives). The confirmed finding report contained 13 validated findings across the severity spectrum:

→ Findings panel — Complete Absence of Authentication and Authorization Controls (Confidence-High, Critical), No Authentication - Complete Data Exposure (Confidence-High, Critical), Unauthenticated Access to All Owner, Pet, and Visit Operations (Confidence-High, Critical) — plus Spring Boot Actuator findings and business logic issues.

3Critical

2High

3Medium

2Low

3Info

Critical Findings (CVSS 9.1–9.8)

CriticalComplete Absence of Authentication and Authorization ControlsCVSS 9.8

No Spring Security, no session management, no CSRF protection, no security headers. Every CRUD operation on owners, pets, and visits is publicly accessible. The agent created, read, updated, and deleted records without any credentials.

CriticalNo Authentication — Complete Data ExposureCVSS 9.8

All owner PII (names, addresses, phone numbers), pet records, and medical visit histories are accessible via sequential ID enumeration. The agent confirmed /login, /logout, and /authenticate all return 404 — no auth infrastructure exists.

CriticalUnauthenticated Access to All Owner, Pet, and Visit OperationsCVSS 9.1

Full CRUD demonstrated without credentials: owner enumeration via /owners?lastName= wildcard, unauthorized address modification of owner #3, pet creation for arbitrary owners, medical visit record insertion. All persisted to database.

The agent proved these findings with real exploitation evidence. Here’s the owners list showing data the agent created and modified during unauthenticated CRUD testing:

→ Petclinic owners list showing agent-created test records — "UpdatedTest UpdatedSecurity" (CRUD update proof), "CSRFTest NoCsrfToken" (CSRF bypass proof), "Modified Updated" (address modification proof), "Demo User" (final PoC). All created without any authentication.

High Findings

HighSpring Boot Actuator Management Endpoints Fully ExposedCVSS 7.5

All 15+ actuator endpoints publicly accessible. Critical: /actuator/heapdump returns an 80MB JVM memory dump with no authentication — can contain passwords, API keys, and session tokens. Also exposes 411 Spring beans, 45 URL mappings, 24 thread dumps, and 70 metrics.

HighUnauthenticated Access to Actuator Logger ConfigurationCVSS 8.6

Anonymous users can read and write logger levels at runtime via POST to /actuator/loggers/{package}. The agent demonstrated changing org.springframework.security log level to DEBUG and back — confirmed repeatable runtime config manipulation.

Medium Findings

MediumLack of Business Logic Validation for Visit DatesCVSS 5.3

Visit dates accept any ISO-8601 value including year 0001, year 9999, and empty strings. The agent successfully created visits dated 0001-01-01 and 9999-12-31, confirmed via response body.

MediumDuplicate Pet Name Validation Bypassed During UpdateCVSS 4.3

Duplicate name check only runs on pet.isNew() == true. The agent exploited this by updating an existing pet to match another pet’s name, creating two identically-named pets under the same owner.

MediumUnauthenticated REST API Exposing Veterinarian DirectoryCVSS 6.5

/vets endpoint returns the complete veterinarian list in JSON or XML with no auth, no rate limiting, and no pagination — all records returned on every request via findAll(). Exposes internal database IDs not present in the HTML interface.

Low & Informational Findings

🟡 Low — TOCTOU Race Condition

Concurrent pet creation requests bypass duplicate name validation. The agent achieved 100% bypass with 2 concurrent requests, 80% with 5. Database-level unique constraints are absent.

🟡 Low — Outdated Font Awesome 4.7.0

Font Awesome 4.7.0 (2016). No known CVEs, no exploitable vectors — but flagged as improper inventory management since it’s no longer maintained.

ⓘ Info — Outdated Java Version

The pre-transform pom.xml specified Java 1.8 (EOL 2019). Note: this was fixed by the AWS Transform migration in Part 1.

ⓘ Info — Exception Handler in Production

/oups endpoint always throws a RuntimeException. Debugging code present in production, accessible without auth, can be repeatedly triggered.

ⓘ Info — JPA Open-in-View Anti-Pattern

spring.jpa.open-in-view=true with FetchType.EAGER keeps DB connections open during the full request cycle, increasing connection pool exhaustion risk.

The Full Pentest Report

AWS Security Agent generated a downloadable PDF report with all 13 findings, CVSS v3.1 vectors, reproduction steps, and risk reasoning for each. The executive summary captures it well:

→ Penetration Testing Executive Summary — 12 confirmed findings: 3 Critical, 1 High, 3 Medium, 2 Low, 3 Informational. Most significant: complete absence of authentication. 6 findings classified as false positives after comprehensive testing (firewalled DB, H2 console disabled, mass assignment protected). 18 total findings examined, 1 initial endpoint expanded to 1 discovered endpoint through reconnaissance.

The agent also mapped every discovered endpoint during reconnaissance. Starting from a single URL, it discovered the full actuator surface and all application routes:

→ Discovered endpoints by AWS Security Agent — full tree from petclinc.vishnurachapudi.com: /actuator and all sub-endpoints (beans, caches, conditions, configprops, env, health, heapdump, info, loggers, mappings, metrics, scheduledtasks, threaddump), /error, /oups, /owners, /vets.html, /vets.

→ The Owners list at the end of the pentest — 207 pages of records created by the agent during testing: SQL injection test names, command injection payloads, IDOR-created records, race condition test pets, privilege escalation test accounts. A visible audit trail of everything attempted.

→ Pentest Report PDF — pentest-report-demo-1774602296162.pdf, 57 pages, Table of Contents showing all 13 findings from Complete Absence of Authentication through JPA Open-in-View Anti-Pattern.

Key Takeaways

🔐 Modernization ≠ Security

AWS Transform upgraded Java and dependencies correctly. It doesn’t add Spring Security, authentication frameworks, or CSRF protection—that’s application architecture, not a migration concern.

🤖 The Agent Reasons, Not Just Scans

It correctly dismissed the default credentials finding after probing DB ports and confirming they were firewalled. 6 false positives were filtered out before the report was generated.

📄 PR Reviews Are Automatic

Once GitHub is connected, every pull request gets a security review. The Transform PR passed clean—no issues in the migration changes themselves.

📈 Design Review is Fast and Brutal

8/10 security requirements Non-compliant from a single architecture doc. Run the design review before the live pentest to understand the blast radius.

⚠️ Actuator Endpoints Are a Real Risk

An 80MB heap dump with zero authentication is a critical finding in any Spring Boot app. Lock down management.endpoints.web.exposure.include before going to production.

🔎 The Attack Trail is Evidence

207 pages of owner records created by the agent is an audit trail of everything tested. The fact that SQL and command injection strings are stored as literals confirms input handling works.

🤖 The best part? You don’t have to fix it manually. AWS Security Agent can create a pull request and remediate the findings automatically—adding Spring Security, locking down Actuator endpoints, and patching business logic gaps through the same agentic workflow that found them.

AWS Security Agent Penetration Testing Spring Boot Security OWASP Authentication Bypass Actuator Exposure Agentic AI AppSec Part 2