AWS Top 10 Vulnerabilities

Published in

Bug Bounty Hunting

2 min readAug 21, 2021

Recently I came to know about this awesome site https://application.security which teaches security in the frontend itself. It is so amazing and UI is friendly that anyone would be able to understand it in clear and concise manner.

Especially the labs around cloud security is very good and will easily help to gain beginner level knowledge.

First it teaches how to find and exploit the vulnerability and later it teaches how we can fix and the LOC which was causing the issue.

Here are the AWS Top 10 security Labs which they have hosted and a link to get started:

Subdomain Takeover

Subdomain Takeover | Kontra

A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens…

application.security

S3 Bucket Public ‘READ’ Access

S3 Bucket Public 'READ' Access | Kontra

Granting public "READ" access to your S3 buckets can allow unauthorized users to list the objects available within the…

application.security

S3 Bucket Authenticated Users ‘WRITE’ Access

S3 Bucket Authenticated Users 'WRITE' Access | Kontra

Granting authenticated "WRITE" access to AWS S3 buckets can allow unauthorized users to upload, modify and delete S3…

application.security

PS: Check a real vulnerability I found in ANI news .

Hacking To Deface Into Indian News Media Outlet- ANI News Agency

DUE TO AMAZON AWS MISCONFIGURATION

medium.com

S3 Directory Traversal

S3 Directory Traversal | Kontra

Directory traversal is a type of attack that is used to gain unauthorized access to restricted directories and files…

application.security

Weak S3 POST Upload Policy

Insecure S3 POST Upload Policy | Kontra

AWS supports HTTP FORM-based file uploads to S3 via browsers (HTTP POST requests). Developers can declare HTML forms…

application.security

Lambda Command Injection

Lambda Command Injection | Kontra

Command Injection is a general type of attack that injects code that is then interpreted or executed by the…

application.security

Misconfigured Reverse Proxy

Misconfigured Reverse Proxy | Kontra

When developing software in cloud-native environments, reverse proxy servers are often used by developers as an…

application.security

Misconfigured AWS Cognito Attributes

Misconfigured AWS Cognito Attributes | Kontra

With Amazon Cognito "User Pools", developers can quickly add authentication features and workflows including sign up…

application.security

Misconfigured AWS Cognito profile allows self-registration

Misconfigured AWS Cognito Profile Allows Self-Registration | Kontra

Amazon Cognito is Amazon Web Services' service for managing user authentication and access control by providing a fully…

application.security

Excessive Logging

Leftover Debug Code | Kontra

Leftover debug comments or code can provide entry points for attackers to gain access through functionality that was…

application.security

Dangerous Dependencies

Dangerous Dependencies | Kontra

In modern applications, developers often use third-party packages and/or framework libraries from a variety of sources…

application.security

Lambda XXE Injection

Lambda XML Entity Injection | Kontra

XML External Entity (XXE) Injection is an attack targeting applications that transmit data between browser and server…

application.security

AWS Top 10 Vulnerabilities

Subdomain Takeover

Subdomain Takeover | Kontra

A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens…

S3 Bucket Public ‘READ’ Access

S3 Bucket Public 'READ' Access | Kontra

Granting public "READ" access to your S3 buckets can allow unauthorized users to list the objects available within the…

S3 Bucket Authenticated Users ‘WRITE’ Access

S3 Bucket Authenticated Users 'WRITE' Access | Kontra

Granting authenticated "WRITE" access to AWS S3 buckets can allow unauthorized users to upload, modify and delete S3…

Hacking To Deface Into Indian News Media Outlet- ANI News Agency

DUE TO AMAZON AWS MISCONFIGURATION

S3 Directory Traversal

S3 Directory Traversal | Kontra

Directory traversal is a type of attack that is used to gain unauthorized access to restricted directories and files…

Weak S3 POST Upload Policy

Insecure S3 POST Upload Policy | Kontra

AWS supports HTTP FORM-based file uploads to S3 via browsers (HTTP POST requests). Developers can declare HTML forms…

Lambda Command Injection

Lambda Command Injection | Kontra

Command Injection is a general type of attack that injects code that is then interpreted or executed by the…

Misconfigured Reverse Proxy

Misconfigured Reverse Proxy | Kontra

When developing software in cloud-native environments, reverse proxy servers are often used by developers as an…

Misconfigured AWS Cognito Attributes

Misconfigured AWS Cognito Attributes | Kontra

With Amazon Cognito "User Pools", developers can quickly add authentication features and workflows including sign up…

Misconfigured AWS Cognito profile allows self-registration

Misconfigured AWS Cognito Profile Allows Self-Registration | Kontra

Amazon Cognito is Amazon Web Services' service for managing user authentication and access control by providing a fully…

Excessive Logging

Leftover Debug Code | Kontra

Leftover debug comments or code can provide entry points for attackers to gain access through functionality that was…

Dangerous Dependencies

Dangerous Dependencies | Kontra

In modern applications, developers often use third-party packages and/or framework libraries from a variety of sources…

Lambda XXE Injection

Lambda XML Entity Injection | Kontra

XML External Entity (XXE) Injection is an attack targeting applications that transmit data between browser and server…

Written by Circle Ninja