Internet-Scale analysis of AWS Cognito Security

Just published the white-paper for my latest research: Internet-Scale analysis of AWS Cognito Security.

The white-paper contains the methodology and results of an internet-scale security analysis of AWS Cognito configurations. The research identified 2500 identity pools, which were used to gain access to more than 13000 S3 buckets (which are not publicly exposed), 1200 DynamoDB tables and 1500 Lambda functions.

Worrying about your AWS account security? Contact me to get a quote for a cloud security assessment.

Download the paper here, or read the presentation slides:

Recommended Posts