AWS Analysis Without Encryption
Description
Detects when AWS Comprehend entity detection jobs are configured without encryption using a KMS key. Unencrypted job outputs could expose sensitive information extracted from analyzed text, including personally identifiable information (PII), since the results are stored without encryption at rest.
Detection Strategy
• Checks every Comprehend entity detection job in the configured AWS account and region
• Reports a vulnerability when a job's OutputDataConfig does not include a KmsKeyId
• Each unencrypted job generates a separate vulnerability report that includes that job's JobArn
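The following Python script is an added example of the strategy above; it is not Fluid Attacks' scanner code. find_unencrypted_jobs applies the check to job records shaped like the EntitiesDetectionJobPropertiesList items that the Comprehend ListEntitiesDetectionJobs API returns, and list_entity_jobs is a hypothetical helper that fetches those records with boto3 (the only part that needs AWS credentials; it is imported lazily so the rest runs offline). The sample jobs, account ID and key ID are constructed. One choice the page does not spell out: an empty KmsKeyId string is treated the same as a missing one.

```python
"""Flag AWS Comprehend entity detection jobs whose output has no KMS key configured."""
from typing import Dict, Iterable, List, Optional


def find_unencrypted_jobs(jobs: Iterable[Dict]) -> List[Dict[str, Optional[str]]]:
    """Return one finding per job whose OutputDataConfig lacks a KmsKeyId.

    ``jobs`` has the shape of the ``EntitiesDetectionJobPropertiesList`` items
    returned by the Comprehend ListEntitiesDetectionJobs API.
    """
    findings: List[Dict[str, Optional[str]]] = []
    for job in jobs:
        output = job.get("OutputDataConfig") or {}
        kms_key = output.get("KmsKeyId")
        if not kms_key:  # missing key and empty string both count as unencrypted
            findings.append(
                {
                    "JobArn": job.get("JobArn"),
                    "JobName": job.get("JobName"),
                    "JobStatus": job.get("JobStatus"),
                    "S3Uri": output.get("S3Uri"),
                }
            )
    return findings


def list_entity_jobs(region_name: str) -> List[Dict]:
    """Hypothetical helper: collect every entity detection job in one region.

    Requires boto3 and AWS credentials; boto3 is imported here rather than at
    module level so that find_unencrypted_jobs can be used offline.
    """
    import boto3

    client = boto3.client("comprehend", region_name=region_name)
    paginator = client.get_paginator("list_entities_detection_jobs")
    jobs: List[Dict] = []
    for page in paginator.paginate():
        jobs.extend(page.get("EntitiesDetectionJobPropertiesList", []))
    return jobs


# Constructed sample records in the shape of the API response (not real jobs).
SAMPLE_JOBS = [
    {
        "JobArn": "arn:aws:comprehend:us-east-1:111122223333:entities-detection-job/example-encrypted",
        "JobName": "encrypted-job",
        "JobStatus": "COMPLETED",
        "OutputDataConfig": {
            "S3Uri": "s3://example-bucket/output/encrypted/",
            "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000",
        },
    },
    {
        "JobArn": "arn:aws:comprehend:us-east-1:111122223333:entities-detection-job/example-plain",
        "JobName": "plain-job",
        "JobStatus": "COMPLETED",
        "OutputDataConfig": {"S3Uri": "s3://example-bucket/output/plain/"},
    },
    {
        "JobArn": "arn:aws:comprehend:us-east-1:111122223333:entities-detection-job/example-empty-key",
        "JobName": "empty-key-job",
        "JobStatus": "IN_PROGRESS",
        "OutputDataConfig": {"S3Uri": "s3://example-bucket/output/empty/", "KmsKeyId": ""},
    },
]


if __name__ == "__main__":
    # Offline run over the constructed sample; swap in list_entity_jobs("us-east-1")
    # to scan a real account.
    for finding in find_unencrypted_jobs(SAMPLE_JOBS):
        print(f"Unencrypted Comprehend job output: {finding['JobArn']} -> {finding['S3Uri']}")
```

The check inspects only the job's own OutputDataConfig, not the destination bucket's default encryption setting, so read a finding as "no customer-managed KMS key configured on this job". To remediate, pass a KmsKeyId inside OutputDataConfig when calling StartEntitiesDetectionJob.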