Enterprises are increasingly running their IT and application infrastructure native.
This fundamentally changes the security models and enterprise threatscape. Using Cognito for authentication is quite popular nowadays specially in web and mobile apps.it’s been observed that Web and Mobile applications that are using Amazon Cognito or Identity Platform to manage authentication and authorization. However, due to misconfigured Amazon Cognito allows attackers to make most out of this misconfiguration.
In this session, we will talk about
* How AWS Cognito works ?
* What are the attack vectors to look for AWS Cognito mis-configuration?
* How attackers are able to exploit AWS Cognito mis-configurations?
* Some tips for developer folks.
Credit: Kavisha Sheth