1-Identify Security Requirements
-Define and Categorize Assets in AWS
-Create Classifications for Data and Applications
2-Deploy Solutions Designed to Solve Cloud Security Challenges
-Manage Cloud Access: Limiting
-Use Cloud-Native Security Solutions
-Protect All Your Perimeters and Segment Everything
-Maintain a Consistent Security Posture Throughout AWS Deployments
-Manage AWS accounts, IAM Users, Groups, and Roles
-Manage Access to Amazon EC2 Instances
3-Protect AWS Workloads
-Implement Cloud Workload Protection for Serverless and Containers
-Implement Proactive Cloud Security
-Define Incident Response Policies and Procedures
2-Append an extra file extension-If the application is not properly validating for the file extension, this can be exploited by appending another extension, for example from script.php to script.php.gif or script.gif.php
3-Change the casing of the extension-Try different combinations of lower and upper case, for example pHp, PhP, phP, Php etc