AWS SNS Server-Side Encryption Disabled
Description
Identifies AWS SNS topics that are not configured with server-side encryption (SSE). Without encryption, message content in SNS topics could be vulnerable to unauthorized access if other security controls are compromised. Server-side encryption adds an additional layer of data protection for sensitive messages.
Detection Strategy
• Retrieves all SNS topics in the specified AWS region
• For each topic, checks if the KmsMasterKeyId attribute is empty or missing
• Reports a vulnerability if a topic does not have a KMS key configured for server-side encryption
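The three steps above, written as an added example (not Fluid Attacks' own scanner code). It assumes the topics are read through the boto3 SNS client interface; the FakeSNS class, account ID and topic names are constructed so the check runs offline.

```python
"""Added example: flag SNS topics with no KMS key configured for SSE."""


def find_unencrypted_topics(sns):
    """Return ARNs of topics whose KmsMasterKeyId is empty or missing.

    `sns` is a boto3 SNS client (or any object exposing the same
    get_paginator / get_topic_attributes calls) bound to one region.
    """
    findings = []
    for page in sns.get_paginator("list_topics").paginate():
        for topic in page.get("Topics", []):
            arn = topic["TopicArn"]
            attrs = sns.get_topic_attributes(TopicArn=arn)["Attributes"]
            # Both a missing attribute and an empty value count as "no SSE".
            if not (attrs.get("KmsMasterKeyId") or "").strip():
                findings.append(arn)
    return findings


class FakeSNS:
    """Constructed stand-in for the boto3 client so the check runs offline."""

    def __init__(self, topics):
        self._topics = topics  # {arn: attributes}

    def get_paginator(self, name):
        assert name == "list_topics"
        return self

    def paginate(self):
        arns = list(self._topics)
        for i in range(0, len(arns), 2):  # two topics per page
            yield {"Topics": [{"TopicArn": a} for a in arns[i:i + 2]]}

    def get_topic_attributes(self, TopicArn):
        return {"Attributes": dict(self._topics[TopicArn], TopicArn=TopicArn)}


# Constructed sample data (account ID, key ID and topic names are placeholders).
PREFIX = "arn:aws:sns:us-east-1:111122223333:"
SAMPLE = {
    PREFIX + "orders": {"KmsMasterKeyId": "alias/aws/sns"},
    PREFIX + "alerts": {},                      # attribute missing
    PREFIX + "audit": {"KmsMasterKeyId": ""},   # attribute empty
    PREFIX + "billing": {"KmsMasterKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
}

if __name__ == "__main__":
    for arn in find_unencrypted_topics(FakeSNS(SAMPLE)):
        print("SSE disabled:", arn)
```

Against a real account, pass `boto3.client("sns", region_name=...)` in place of FakeSNS and run the function once per region in scope.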