Tag: amazon-s3
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Not setting the Amazon S3 bucket owner condition could lead to accidentally using the wrong bucket.
Using an AWS KMS key helps follow the standard security advice of granting least privilege to objects generated by the project.
Api Logging Disabled may lead to unable to access log and does not record the event.
Missing authentication checks can lead to unauthorized access to a resource or performance of an action.
Sensitive or critical information is not encrypted before storage or transmission in the product.
An unencrypted bucket could lead to sensitive data exposure.