Skip to main content

Aws

Available solutions

  1. Unrestricted access between network segments - AWS
  2. Excessive privileges - AWS
  3. Business information leak - AWS
  4. Non-encrypted confidential information - AWS
  5. Authentication mechanism absence or evasion - AWS
  6. Use of an insecure channel - AWS
  7. Traceability Loss - AWS
  8. Automatic information enumeration - AWS
  9. Insecure service configuration - AWS
  10. Insecure service configuration - Bucket
  11. Non-encrypted confidential information - Hexadecimal
  12. Weak credential policy - Password strength
  13. Unrestricted access between network segments - RDS
  14. Lack of protection against deletion - RDS
  15. Insecure service configuration - IAM
  16. Automatic information enumeration - Open ports
  17. Non-encrypted confidential information - Redshift Cluster
  18. Non-encrypted confidential information - DynamoDB
  19. Traceability Loss - API Gateway
  20. Non-encrypted confidential information - DB
  21. Excessive privileges - Wildcards
  22. Unauthorized access to files - Debug APK
  23. Use of an insecure channel - HTTP
  24. Insecure service configuration - ELB
  25. Privilege escalation
  26. Serverless - one dedicated IAM role per function
  27. Security controls absence - Monitoring
  28. Insecure service configuration - Security Groups
  29. Insecure service configuration - KMS
  30. Non-encrypted hard drives
  31. Insufficient data authenticity validation - Cloudtrail Logs
  32. Unauthorized access to files - S3 Bucket
  33. Lack of protection against deletion - DynamoDB
  34. Weak credential policy - Password Expiration
  35. Lack of protection against deletion - ELB
  36. Non-encrypted confidential information - EBS Volumes
  37. Business information leak - Credentials
  38. Guessed weak credentials
  39. Non-encrypted confidential information - EFS
  40. Insecure service configuration - EC2
  41. Improper authorization control for web services - RDS
  42. Automatic information enumeration
  43. Insecure service configuration - DynamoDB
  44. Lack of protection against deletion - EC2
  45. Weak credential policy - Temporary passwords
  46. Insecure encryption algorithm - SSL/TLS
  47. Non-encrypted confidential information - S3 Server Side Encryption
  48. Insecure encryption algorithm - Default encryption
Last updated on