Tag: efficiency

AWS insecure transmission CDK

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Use {} instead of new Object()

New Object() has been used for object creation instead of {}.

improper input validation cdk

Improper input validation can enable attacks and lead to unwanted behavior.

Use of Default Credentials CDK

The product relies on default credentials(including passwords and cryptographic keys) for potentially vital functions.

aws kmskey encryption cdk

Using an AWS KMS key helps follow the standard security advice of granting least privilege to objects generated by the project.

Inefficient polling of AWS resource

Custom polling can be inefficient and prone to error. Consider using AWS waiters instead.

Check failed records when using kinesis

A batch request that doesn't check for failed records can lead to loss of data.

AWS api logging disabled cdk

Api Logging Disabled may lead to unable to access log and does not record the event.

Improper Access Control CDK

The software does not restrict or incorrectly restrict access to a resource from an unauthorized actor.

Missing Authentication for Critical Function CDK

Missing authentication checks can lead to unauthorized access to a resource or performance of an action.

AWS missing encryption of sensitive data cdk

Sensitive or critical information is not encrypted before storage or transmission in the product.

Client-side KMS reencryption

Client-side decryption followed by encryption is inefficient and can lead to sensitive data leaks.

Exposure of Sensitive Information CDK

The product unintentionally grants unauthorized actors access to a resource by placing it in the wrong control sphere.

Missing Authorization CDK

Improper Access Control.

Insufficient Logging CDK

In the case of a security-critical event, the product fails to either log the event or misses crucial details in the logged information.

AWS client not reused in a Lambda function

Recreating AWS clients in each Lambda function invocation is expensive.