Tag: efficiency
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
new Object() has been used for object creation instead of {}.
Improper input validation can enable attacks and lead to unwanted behavior.
The product relies on default credentials (including passwords and cryptographic keys) for potentially vital functions.
Using an AWS KMS key helps follow the standard security advice of granting least privilege to objects generated by the project.
Custom polling can be inefficient and prone to error. Consider using AWS waiters instead.
A batch request that doesn't check for failed records can lead to loss of data.
Disabled API logging may prevent access to logs and leave events unrecorded.
The software does not restrict, or incorrectly restricts, access to a resource by an unauthorized actor.
Missing authentication checks can lead to unauthorized access to a resource or performance of an action.
Sensitive or critical information is not encrypted before storage or transmission in the product.
Client-side decryption followed by encryption is inefficient and can lead to sensitive data leaks.
The product unintentionally grants unauthorized actors access to a resource by placing it in the wrong control sphere.
In the case of a security-critical event, the product fails to either log the event or misses crucial details in the logged information.
Recreating AWS clients in each Lambda function invocation is expensive.