AWS Listeners Not Using HTTPS
Description
Detects Application Load Balancer (ALB) listeners that accept unencrypted HTTP traffic without redirecting to HTTPS. This is a security risk because sensitive data transmitted between clients and the load balancer can be intercepted and read by malicious actors through man-in-the-middle attacks.
Detection Strategy
• Identifies a vulnerability when an ALB listener uses the HTTP protocol (port 80)
• Excludes cases where HTTP listeners are configured to automatically redirect to HTTPS with a 301 redirect
• Ignores Kubernetes-managed load balancers (those tagged with 'elbv2.k8s.aws/cluster')
• Reports each non-compliant listener's ARN and protocol configuration as a separate vulnerability
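The detection strategy above as a worked example in Python (an added example, not Fluid Attacks' detector): a pure function over records shaped like the ELBv2 describe_listeners and describe_tags responses, with constructed sample data. The ARNs, the "prod-cluster" tag value and the helper names are assumptions.

```python
# Added example (not Fluid Attacks' detector): the rules above over ELBv2 describe_listeners/describe_tags-shaped records.
K8S_TAG = "elbv2.k8s.aws/cluster"

def redirects_to_https(listener):
    """True only for a default action that is a 301 redirect to HTTPS."""
    for action in listener.get("DefaultActions", []):
        cfg = action.get("RedirectConfig", {})
        if (action.get("Type") == "redirect"
                and cfg.get("Protocol") == "HTTPS"
                and cfg.get("StatusCode") == "HTTP_301"):
            return True
    return False

def find_http_listeners(listeners, tags_by_lb):
    """tags_by_lb maps LoadBalancerArn -> {Key: Value}; one finding per listener."""
    findings = []
    for lst in listeners:
        if lst.get("Protocol") != "HTTP":
            continue  # HTTPS listeners are compliant
        if K8S_TAG in tags_by_lb.get(lst["LoadBalancerArn"], {}):
            continue  # Kubernetes-managed load balancer, out of scope
        if redirects_to_https(lst):
            continue  # HTTP listener that forces clients onto HTTPS
        findings.append({"ListenerArn": lst["ListenerArn"],
                         "Protocol": lst["Protocol"], "Port": lst.get("Port")})
    return findings

# Constructed sample data with hypothetical ARNs, one listener per case.
LB = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/{}/0123456789abcdef"
LSN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/{}/0123456789abcdef/{}"
FORWARD = [{"Type": "forward", "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/tg/abc"}]
def redirect(code):
    return [{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": code}}]
SAMPLE_LISTENERS = [
    {"ListenerArn": LSN.format("plain", "a1"), "LoadBalancerArn": LB.format("plain"),
     "Protocol": "HTTP", "Port": 80, "DefaultActions": FORWARD},                # flagged
    {"ListenerArn": LSN.format("plain", "a2"), "LoadBalancerArn": LB.format("plain"),
     "Protocol": "HTTPS", "Port": 443, "DefaultActions": FORWARD},              # compliant
    {"ListenerArn": LSN.format("redir", "b1"), "LoadBalancerArn": LB.format("redir"),
     "Protocol": "HTTP", "Port": 80, "DefaultActions": redirect("HTTP_301")},   # excluded
    {"ListenerArn": LSN.format("temp", "c1"), "LoadBalancerArn": LB.format("temp"),
     "Protocol": "HTTP", "Port": 80, "DefaultActions": redirect("HTTP_302")},   # flagged: not a 301
    {"ListenerArn": LSN.format("eks", "d1"), "LoadBalancerArn": LB.format("eks"),
     "Protocol": "HTTP", "Port": 80, "DefaultActions": FORWARD},                # ignored: k8s tag
]
SAMPLE_TAGS = {LB.format("eks"): {K8S_TAG: "prod-cluster"}}

if __name__ == "__main__":
    for f in find_http_listeners(SAMPLE_LISTENERS, SAMPLE_TAGS):
        print(f"{f['ListenerArn']}: {f['Protocol']} on port {f['Port']} without HTTPS redirect")
```

Note that a 302 redirect to HTTPS is still reported, matching the strategy's 301-only exclusion; in a live account the two input lists come from the elbv2 describe_listeners and describe_tags API calls.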