AWS Anonymous Access
Description
Detects AWS API Gateway endpoints that allow anonymous access by having no authorization configured. Anonymous API endpoints can allow unauthorized users to access your APIs, potentially exposing sensitive functionality or data.
Detection Strategy
• Scans each method (GET, POST, etc.) configured on API Gateway resources
• Checks if the authorization type is set to 'NONE' for any method
• Reports a vulnerability when API methods are found without any authorization requirements
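The detection strategy above, sketched in Python as an added example; this is not Fluid Attacks' scanner code. It assumes the resource data comes from the API Gateway GetResources call with method details embedded. SAMPLE_ITEMS and the API id "example-api" are constructed, and scan_account is a hypothetical live wrapper around a boto3 client.

```python
# Added example: flags API Gateway (REST) methods whose authorizationType is "NONE".
# SAMPLE_ITEMS is constructed data shaped like the "items" list returned by
# GetResources when called with embed=["methods"].
SAMPLE_ITEMS = [
    {"id": "a1", "path": "/", "resourceMethods": {}},
    {"id": "b2", "path": "/orders", "resourceMethods": {
        "GET": {"httpMethod": "GET", "authorizationType": "NONE"},
        "POST": {"httpMethod": "POST", "authorizationType": "AWS_IAM"},
    }},
    {"id": "c3", "path": "/orders/{id}", "resourceMethods": {
        "DELETE": {"httpMethod": "DELETE", "authorizationType": "COGNITO_USER_POOLS"},
        "PUT": {},  # details not embedded: cannot be judged from this data
    }},
    {"id": "d4", "path": "/health"},  # resource with no methods attached
]


def find_anonymous_methods(api_id, items):
    """Return (findings, unverified) for one REST API's resources."""
    findings, unverified = [], []
    for resource in items:
        methods = resource.get("resourceMethods") or {}
        for verb, method in sorted(methods.items()):
            location = {"api_id": api_id, "path": resource.get("path"), "method": verb}
            auth_type = (method or {}).get("authorizationType")
            if auth_type is None:
                unverified.append(location)   # needs a per-method lookup
            elif auth_type.upper() == "NONE":
                findings.append(location)     # no authorization configured
    return findings, unverified


def scan_account(client):
    """Live variant (assumption): client is a boto3 "apigateway" client."""
    report = {}
    for page in client.get_paginator("get_rest_apis").paginate():
        for api in page["items"]:
            items = []
            pages = client.get_paginator("get_resources").paginate(
                restApiId=api["id"], embed=["methods"])
            for res_page in pages:
                items.extend(res_page["items"])
            report[api["id"]] = find_anonymous_methods(api["id"], items)
    return report


if __name__ == "__main__":
    findings, unverified = find_anonymous_methods("example-api", SAMPLE_ITEMS)
    for f in findings:
        print("anonymous access: {method} {path} ({api_id})".format(**f))
```

Methods listed as unverified carry no authorization data in the input, so they are kept apart from findings instead of being silently treated as protected.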