| Assessment | Description | Score | |
|---|---|---|---|
| 100 - #Another Test | #Another Test | None | Agent Select |
| 000 - #Testing 123 Data | BMA mobile invokes a WebSocket integration via Imperva WAF → Azure API‑M. API‑M calls an internal Agent uAPI to retrieve AWS API Gateway credentials from Key Vault and brokers to a Health Assistant API fronted by AWS API Gateway. The Health Assistant interacts with Amazon Bedrock (AgentCore, LLMs, vector indexes) and persists conversation history in DynamoDB, linked to the user by BK OID embedded in a JWT. The solution proposes per‑message authorization, input validation, rate‑limiting, session controls and monitoring at API‑M/uAPI; and JWT/BK‑scope authorization at the AWS API Gateway/Health Assistant. | None | Agent Select |
| Data - Data Protection Data; API; Database; Storage | Data protection ensures sensitive information remains secure, accurate, and accessible to those authorised, mitigating risks of loss or compromise | None | Agent Select |
| OWASP - OWASP: API Security 2023 API; Data; | Insufficient API security risk management poses a critical threat, directly increasing the likelihood of data leakage. This vulnerability is worsened by inadequate security controls. | None | Agent Select |
| OWASP - OWASP: LLMs 2025 AI; LLM | Risk & Mitigations for LLMs and Gen AI Apps outlining vulnerabilities and mitigations for developing and securing generative AI and large language model applications. | None | Agent Select |
| OWASP - OWASP: Mobile Security 2024 Mobile | The OWASP Mobile Top 10 is the definitive catalogue identifying the most critical security risks inherent to mobile applications. | None | Agent Select |
| OWASP - OWASP: Web Security 2021 Web | The OWASP Web Security 2021 Top 10 (2025 Coming Soon!!!) is a list of the most critical security risks to web applications. | None | Agent Select |