in Guide, Pentest

Amazon Cognito (Mis)Configurations

86 Views

Visit Direct Link

Enterprises are increasingly running their IT and application infrastructure native.
This fundamentally changes the security models and enterprise threatscape. Using Cognito for authentication is quite popular nowadays specially in web and mobile apps.it’s been observed that Web and Mobile applications that are using Amazon Cognito or Identity Platform to manage authentication and authorization. However, due to misconfigured Amazon Cognito allows attackers to make most out of this misconfiguration.

In this session, we will talk about

* How AWS Cognito works ?
* What are the attack vectors to look for AWS Cognito mis-configuration?
* How attackers are able to exploit AWS Cognito mis-configurations?
* Some tips for developer folks.

Credit: Kavisha Sheth

This post was created with our nice and easy submission form. Create your post!

What do you think?

0 Points
Upvote Downvote

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

WordPress Plugin Confusion: How an update can get you pwned

[CVE-2021-42008] Exploiting A 16-Year-Old Bug In Linux