Kontra AWS Top 10

KONTRA's AWS Top 10 is a series of free interactive application security training modules that teach developers how to identify and mitigate security vulnerabilities in their AWS-hosted cloud applications.

• Dangerous Dependencies

  

• Insecure S3 POST Upload Policy

  

• Lambda Command Injection

  

• Lambda XML Entity Injection

  

• Leftover Debug Code

  

• Misconfigured AWS Cognito Attributes

  

• Misconfigured AWS Cognito Profile Allows Self-Registration

  

• Misconfigured Reverse Proxy

  

• S3 Bucket Authenticated Users 'WRITE' Access

  

• S3 Bucket Public 'READ' Access

  

• S3 Directory Traversal

  

• Server Side Request Forgery

  

• Subdomain Takeover