Misconfigured S3 Bucket

Overview

AWS S3 buckets are a widely used cloud storage service. S3 exposes two primary attack surfaces: HTTP and the S3 protocol itself. While most content is accessed over HTTP, bucket and object permissions must be verified via the S3 protocol, since plain HTTP access does not reveal which permissions have been granted. Below is a list of permissions which may be set on a bucket:

S3 Permission List

  • s3:GetBucketAcl
  • s3:GetBucketCORS
  • s3:GetLifecycleConfiguration
  • s3:GetBucketNotification
  • s3:GetBucketPolicy
  • s3:GetBucketTagging
  • s3:GetBucketWebsite
  • s3:PutBucketCORS
  • s3:PutLifecycleConfiguration
  • s3:PutBucketLogging
  • s3:PutBucketNotification
  • s3:PutBucketTagging
  • s3:PutBucketWebsite
  • s3:PutObject
  • s3:PutBucketAcl
  • s3:PutBucketPolicy

S3 in Penetration Testing

A traditional penetration test will often cover an application’s attack surface over HTTP, but may omit S3-specific test cases unless the assessor is well versed in AWS security.

Virtue Security has provided a free open source utility and Burp Suite extension to assess the security of S3 buckets. Testers are advised to use it when assessing applications which host content in S3 buckets.

Remediation

Virtue Security recommends that the access control list (ACL) grant full control only to the bucket owner. This can be achieved by using the “private” canned ACL.

Regular reviews should be performed to ensure that proper permissions are set on all buckets. Care should be taken to ensure that excessive permissions are not granted to the “Authenticated Users” group, which includes every authenticated user of the AWS platform (any AWS account holder), not only users of your own account.
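As an added example (not the utility or Burp Suite extension described above), the following Python audits a bucket ACL in the layout boto3's get_bucket_acl() returns, flagging grants to the AllUsers and AuthenticatedUsers groups and checking whether the ACL matches the “private” canned ACL. The ACL and the owner ID are constructed placeholders.

```python
"""Audit an S3 bucket ACL (layout as returned by boto3 get_bucket_acl()) for global-group grants."""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Constructed ACL (not captured from a real bucket): owner plus a public READ
# grant and a WRITE grant to every AWS account holder.
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id-placeholder"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE"},
    ],
}


def risky_grants(acl):
    """Return (group, permission) for every grant to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical-user and e-mail grantees are scoped to one account
        uri = grantee.get("URI", "")
        if uri == ALL_USERS:
            findings.append(("AllUsers", grant["Permission"]))
        elif uri == AUTHENTICATED_USERS:
            findings.append(("AuthenticatedUsers", grant["Permission"]))
    return findings


def is_private(acl):
    """True when the only grant is FULL_CONTROL for the owner, i.e. the 'private' canned ACL."""
    grants = acl.get("Grants", [])
    if len(grants) != 1:
        return False
    grantee = grants[0].get("Grantee", {})
    return (grantee.get("Type") == "CanonicalUser"
            and grantee.get("ID") == acl.get("Owner", {}).get("ID")
            and grants[0].get("Permission") == "FULL_CONTROL")


if __name__ == "__main__":
    # Live use (assumes boto3 and AWS credentials): acl = boto3.client("s3").get_bucket_acl(Bucket=name)
    # Remediate with: boto3.client("s3").put_bucket_acl(Bucket=name, ACL="private")
    print("risky grants:", risky_grants(SAMPLE_ACL), "private:", is_private(SAMPLE_ACL))
```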

References: http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
