AWS Serves Content Over HTTP
Description
Detects AWS CloudFront distributions that allow content to be served over the insecure HTTP protocol. This exposes web traffic to interception and tampering, because HTTP transmits data in plain text, unlike the encrypted HTTPS protocol.
Detection Strategy
• Lists all CloudFront distributions in the AWS account
• For each distribution, retrieves its detailed configuration
• Reports a vulnerability if the distribution settings allow HTTP traffic without requiring HTTPS
• Each finding includes the specific CloudFront distribution ARN and configuration details
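The steps above can be sketched with the CloudFront API as follows. This is an added example, not the scanner's own code. It assumes that "allows HTTP" means a cache behavior whose `ViewerProtocolPolicy` is `allow-all`; the function names `http_behaviors` and `scan` and the sample configuration are hypothetical.

```python
# Added example: flag CloudFront cache behaviors that accept plain HTTP.
# Assumption: a behavior "allows HTTP" when ViewerProtocolPolicy == "allow-all"
# (the other API values, "https-only" and "redirect-to-https", require HTTPS).

def http_behaviors(dist_config):
    """Return the path patterns of cache behaviors that accept plain HTTP."""
    behaviors = [("default", dist_config.get("DefaultCacheBehavior") or {})]
    extra = dist_config.get("CacheBehaviors") or {}
    # "Items" is absent when the distribution has no additional behaviors.
    for behavior in extra.get("Items") or []:
        behaviors.append((behavior.get("PathPattern", "?"), behavior))
    return [path for path, behavior in behaviors
            if behavior.get("ViewerProtocolPolicy") == "allow-all"]


def scan(client):
    """List every distribution, fetch its configuration, report HTTP findings.

    client: a CloudFront client, e.g. boto3.client("cloudfront").
    """
    findings = []
    for page in client.get_paginator("list_distributions").paginate():
        for summary in page["DistributionList"].get("Items") or []:
            dist = client.get_distribution(Id=summary["Id"])["Distribution"]
            paths = http_behaviors(dist["DistributionConfig"])
            if paths:
                findings.append({"arn": dist["ARN"], "http_paths": paths})
    return findings


# Constructed sample: the default behavior redirects to HTTPS, but one
# additional path still accepts HTTP, so the distribution is reported.
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/static/*", "ViewerProtocolPolicy": "allow-all"},
        {"PathPattern": "/api/*", "ViewerProtocolPolicy": "https-only"},
    ]},
}

if __name__ == "__main__":
    print(http_behaviors(SAMPLE_CONFIG))
```

Checking every cache behavior, not only the default one, matters because a single path-specific behavior set to `allow-all` is enough for that path to be served over HTTP.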