AWS Virtual Gateway TLS Disabled
Description
Identifies AWS App Mesh Virtual Gateways that are configured without TLS encryption enabled. Virtual Gateways act as entry points to your service mesh, and lacking TLS encryption leaves network traffic vulnerable to eavesdropping and manipulation.
Detection Strategy
• Checks each Virtual Gateway in the specified AWS region within App Mesh
• Reports a vulnerability if a Virtual Gateway's listener configuration does not have TLS mode enabled
• Evaluates all Virtual Gateways across all App Meshes in the account for the given region
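The check described above, sketched as an added example (not Fluid Attacks' own code). It assumes that a listener with no `tls` block or with mode `DISABLED` counts as "TLS not enabled"; `SAMPLE`, `StubAppMesh`, `paged` and `scan_region` are hypothetical names, and the sample data is constructed so the block runs offline.

```python
# Constructed sample: mesh -> gateway -> listeners, shaped like App Mesh specs.
SAMPLE = {
    "mesh-a": {
        "gw-plain": [{"portMapping": {"port": 8080, "protocol": "http"}}],
        "gw-strict": [{"portMapping": {"port": 443, "protocol": "http"},
                       "tls": {"mode": "STRICT"}}],
    },
    "mesh-b": {"gw-off": [{"portMapping": {"port": 9080, "protocol": "http"},
                           "tls": {"mode": "DISABLED"}}]},
}

class StubAppMesh:
    """Offline stand-in for the three boto3 'appmesh' calls used below."""
    def list_meshes(self, **_):
        return {"meshes": [{"meshName": m} for m in SAMPLE]}
    def list_virtual_gateways(self, meshName, **_):
        return {"virtualGateways": [{"virtualGatewayName": g} for g in SAMPLE[meshName]]}
    def describe_virtual_gateway(self, meshName, virtualGatewayName):
        return {"virtualGateway": {"spec": {"listeners": SAMPLE[meshName][virtualGatewayName]}}}

def paged(call, key, **kwargs):
    """Yield items from an App Mesh list_* call, following nextToken."""
    while True:
        page = call(**kwargs)
        yield from page.get(key, [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]

def scan_region(client):
    """Return one finding per listener whose TLS is absent or DISABLED."""
    findings = []
    for mesh in paged(client.list_meshes, "meshes"):
        name = mesh["meshName"]
        for ref in paged(client.list_virtual_gateways, "virtualGateways", meshName=name):
            gw_name = ref["virtualGatewayName"]
            spec = client.describe_virtual_gateway(
                meshName=name, virtualGatewayName=gw_name)["virtualGateway"]["spec"]
            for listener in spec.get("listeners", []):
                # Assumption: no tls block, or mode DISABLED, means "TLS not enabled".
                mode = (listener.get("tls") or {}).get("mode", "ABSENT")
                if mode in ("ABSENT", "DISABLED"):
                    findings.append((name, gw_name, listener["portMapping"]["port"], mode))
    return findings

if __name__ == "__main__":
    for finding in scan_region(StubAppMesh()):
        print(finding)
```

Against a real account, pass `boto3.client("appmesh", region_name=...)` to `scan_region` in place of the stub, once per region to be evaluated.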