Tag: amazon-s3
Api Logging Disabled may lead to unable to access log and does not record the event.
Software system fails to properly track or release resources during its operation. This can lead to resource leaks.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Sensitive or critical information is not encrypted before storage or transmission in the product.
An unencrypted bucket could lead to sensitive data exposure.
Using an AWS KMS key helps follow the standard security advice of granting least privilege to objects generated by the project.
Missing authentication checks can lead to unauthorized access to a resource or performance of an action.
Not setting the S3 bucket owner condition might introduce a risk of accidentally using a wrong bucket.