Penetration testing, also called pen testing, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Web Applications are mainly penetrated against OWASP top 10 standards (https://www.cloudflare.com/learning/security/threats/owasp-top-10/) which are most common security vulnerabilities which an attacker can tries to exploit always.
When a cross origin request is initiated by a client app, Browsers make a preflight request before executing an actual request. Example: Assume that example.com makes an authenticated POST request to a server api.service.com. The browser makes an additional OPTIONS request to api.service.com before making the actual request.
Amazon Cognito user pool allows users to sign-in through an external identity provider (federation), such as Okta. A user pool integrated with Okta allows users in your Okta app to get user pool tokens from Amazon Cognito and authenticate apps that use cognito.