Tweet

Tushar Verma 🇮🇳

9 Nov, 14 tweets, 2 min read

AWS Security Testing Checklist

=Identity and Access Management

1-Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
2-Ensure credentials unused for 90 days or greater are disabled

3-Ensure access keys are rotated every 90 days or less
4-Ensure IAM password policy requires at least one uppercase letter
5-Ensure IAM password policy requires at least one lowercase letter
6-Ensure IAM password policy requires at least one symbol

7-Ensure IAM password policy requires at least one number
8-Ensure IAM password policy requires minimum length of 14 or greater
9-Ensure no root account access key exists
10-Ensure MFA is enabled for the "root" account

11-Ensure security questions are registered in the AWS account
12-Ensure IAM policies are attached only to groups or role
13-Enable detailed billing
14-Maintain current contact details
15-Ensure security contact information is registered

16-Ensure IAM instance roles are used for AWS resource access from instances
17-Avoid the use of the "root" account

=Logging

1-Ensure CloudTrail is enabled in all regions
2-Ensure CloudTrail log file validation is enabled

3-Ensure the S3 bucket CloudTrail logs to is not publicly accessible
4-Ensure CloudTrail trails are integrated with CloudWatch Logs
5-Ensure AWS Config is enabled in all regions
6-Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket

7-Ensure CloudTrail logs are encrypted at rest using KMS CMKs
8-Ensure rotation for customer created CMKs is enabled

= Networking

1-Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
2-Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389

3-Ensure VPC flow logging is enabled in all VPC
4-Ensure the default security group of every VPC restricts all traffic

= Monitoring

1-Ensure a log metric filter and alarm exist for unauthorized API calls

2-Ensure a log metric filter and alarm exist for Management Consolesign-in without MFA
3-Ensure a log metric filter and alarm exist for usage of "root" account
4-Ensure a log metric filter and alarm exist for IAM policy changes

5-Ensure a log metric filter and alarm exist for CloudTrail configuration changes
6-Ensure a log metric filter and alarm exist for AWS Management Console authentication failures

7-Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
8-Ensure a log metric filter and alarm exist for S3 bucket policy changes
9-Ensure a log metric filter and alarm exist for AWS Config configuration changes

10-Ensure a log metric filter and alarm exist for security group changes
11-Ensure a log metric filter and alarm exist for changes to NetworkAccess Control Lists (NACL)
12-Ensure a log metric filter and alarm exist for changes to network gateways

13-Ensure a log metric filter and alarm exist for route table changes
14-Ensure a log metric filter and alarm exist for VPC changes

Reference: github.com/swisskyrepo/Pa…

• • •

Missing some Tweet in this thread? You can try to force a refresh

This Thread may be Removed Anytime!

Twitter may remove this content at anytime! Save it as PDF for later use!

More from @e11i0t_4lders0n

Tushar Verma 🇮🇳

@e11i0t_4lders0n

5 Nov

If an LFI vulnerability exists, look for these files:

1-Linux system and user files:
/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname
/home/user/
/home/user/.ssh
/home/user/bash_history

#bugbounty #bugbountytip #bugbountytips

2-Log files:
/var/log/apache/access.log
/var/log/apache2/access.log
/var/log/httpd/access_log
/var/log/apache/error.log
/var/log/apache2/error.log
/var/log/httpd/error_log

3-CMS configuration files:
WordPress: /var/www/html/wp-config.php
Joomla: /var/www/configuration.php
Dolphin CMS: /var/www/html/inc/header.inc.php
Drupal: /var/www/html/sites/default/settings.php
Mambo: /var/www/configuration.php
PHPNuke: /var/www/config.php

Read 5 tweets

Tushar Verma 🇮🇳

@e11i0t_4lders0n

5 Nov

DevSecOps Automation

1-Static Application Security Testing (SAST)
-SonarQube
-CxSAST (Checkmarx)
-Fortify
-Veracode Static Analysis (Veracode)

2-Software composition analysis (SCA)
-Blackduck
-WhiteSource
-Snyk
-Threatwatch
-CAST Highlight
-Dependency-Track
-Veracode Software Composition Analysis
-Whitehat Sentinel SCA Essentials

3-Dynamic application security testing (DAST)
-Acunetix WVS
-IBM Appscan
-Netsparker
-Burp Suite

Read 7 tweets

Tushar Verma 🇮🇳

@e11i0t_4lders0n

4 Nov

AWS Security Best Practices

1-Identify Security Requirements
-Define and Categorize Assets in AWS
-Create Classifications for Data and Applications

2-Deploy Solutions Designed to Solve Cloud Security Challenges
-Manage Cloud Access: Limiting
-Use Cloud-Native Security Solutions
-Protect All Your Perimeters and Segment Everything
-Maintain a Consistent Security Posture Throughout AWS Deployments

-Manage AWS accounts, IAM Users, Groups, and Roles
-Manage Access to Amazon EC2 Instances

3-Protect AWS Workloads
-Implement Cloud Workload Protection for Serverless and Containers
-Implement Proactive Cloud Security
-Define Incident Response Policies and Procedures

Read 4 tweets

Tushar Verma 🇮🇳

@e11i0t_4lders0n

28 Sep

File Upload Restriction Bypass Checklist

1-Try various file extensions-Try different versions of the file extensions, for example php3, .php4, .php5, phtml for PHP scripts, asp,aspx

#bugbounty #bugbountytip #bugbountytips

2-Append an extra file extension-If the application is not properly validating for the file extension, this can be exploited by appending another extension, for example from script.php to script.php.gif or script.gif.php