Addressing security risks at scale is more important than ever. With a global pandemic accelerating digital transformations, organizations are shipping new products and services at a faster clip, processing new forms of payment, and increasing reliance on web assets. To keep pace, organizations across the globe have decided to expedite their move to the cloud.
But with cloud transformation comes new risk. Dramatic shifts in organizations’ attack surfaces, coupled with increasingly overburdened security teams, have changed the vulnerabilities that businesses can expect to encounter. For applications hosted in the cloud, Improper Access Control, Information Disclosure, and Server-Side Request Forgery were the three most severe and most common vulnerability classes reported in 2020.
Server-Side Request Forgery (SSRF)
SSRF vulnerabilities are dangerous because they can lead to total system compromise and give an attacker a foothold in an organization’s cloud infrastructure. They are most common in features where the server fetches a URL that the user supplies, such as webhooks, third-party integrations, and PDF generators that render remote images.
Before cloud architectures, SSRF bugs were often fairly benign: they allowed internal network scanning and sometimes reaching an internal admin panel. The cloud metadata service changed that. An attacker who controls the URL the server fetches can point it at the instance metadata endpoint (on AWS, http://169.254.169.254/) instead of an external resource and read, among other things, the temporary credentials of the IAM role attached to the instance. The endpoint is only reachable from the instance itself, not from outside the firewall, but an SSRF with no mitigations in place lets the attacker query it anyway. SSRF is now the fourth highest paid vulnerability on HackerOne, up 103% in popularity year over year according to HackerOne’s own data.
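The usual application-side mitigation is to validate the destination of every user-supplied fetch before connecting, and to validate the resolved address rather than the hostname, since an attacker can point a name they own at 169.254.169.254. The following is an added example written for this page, not HackerOne's or AWS's code. The DNS answers are a constructed stand-in so it runs offline; real code would take the address list from `socket.getaddrinfo()` and then connect to exactly the address it checked.

```python
"""Validate the target of a user-supplied URL before the server fetches it (SSRF guard).

Added example, not code from the page or from HackerOne. FAKE_DNS is a constructed
stand-in for the resolver so the module runs offline.
"""
import ipaddress
from urllib.parse import urlparse

# Constructed DNS answers (assumption, for offline use only).
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "payload.attacker.example": ["169.254.169.254"],           # attacker's name -> IMDS
    "wiki.corp.example": ["10.0.12.5"],                        # internal host
    "dual.attacker.example": ["93.184.216.34", "127.0.0.1"],   # one good answer, one bad
}

# Address space a user-driven fetch must never reach. Explicit networks are used instead of
# ipaddress.is_private so the policy is the same on every Python version.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",      # link-local, which includes the AWS IMDS at 169.254.169.254
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fe80::/10",
    "fc00::/7",            # IPv6 ULA, which includes the IPv6 IMDS at fd00:ec2::254
    "ff00::/8",
)]


def _normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254 is IMDS too)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def _addresses_for(host, resolver):
    """Return every address the host can map to; an IP literal maps to itself."""
    try:
        return [_normalize(host)]
    except ValueError:
        pass
    # Real code: socket.getaddrinfo(host, None). That call also normalizes forms such as
    # "2852039166" or "0xa9fea9fe"; this offline resolver simply fails closed on them.
    return [_normalize(a) for a in resolver.get(host.lower(), [])]


def check_fetch_target(url, resolver=FAKE_DNS):
    """Return (ok, reason, pinned_ips). Fails closed on anything but a public http(s) host.

    Every resolved address is checked, because a resolver may return several and the
    client could connect to any of them.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parts.scheme, []
    if not parts.hostname:
        return False, "missing host", []
    ips = _addresses_for(parts.hostname, resolver)
    if not ips:
        return False, "host did not resolve", []
    for ip in ips:
        for net in BLOCKED:
            if ip in net:
                return False, "%s -> %s is inside blocked range %s" % (parts.hostname, ip, net), []
    return True, "ok", [str(ip) for ip in ips]


if __name__ == "__main__":
    for candidate in ("https://cdn.example.com/logo.png",
                      "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
                      "http://[::ffff:169.254.169.254]/",
                      "http://payload.attacker.example/",
                      "file:///etc/passwd"):
        print(candidate, check_fetch_target(candidate))
```

The returned `pinned_ips` matter: the HTTP client should connect to that address (sending the original Host header) rather than resolving the name a second time, otherwise a short-TTL record can be rebound to 169.254.169.254 between check and connect. Redirects need the same treatment: either disable them or run the check on every Location hop. On AWS the complementary control is IMDSv2, which requires a PUT to obtain a session token before any metadata read, so a GET-only SSRF cannot reach credentials, together with a response hop limit of 1 so the token cannot be requested through a container's network namespace.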
Improper Access Control and Information Disclosure
Similarly, Improper Access Control and Information Disclosure are particularly prevalent, up 134% and 63% year over year respectively, because they are nearly impossible to detect with automated tools. As organizations build new applications on cloud services or migrate existing ones, vulnerabilities of these classes slip through the cracks. Two results show up again and again: dangling DNS records and misconfigured S3 buckets.
A dangling DNS record points to an AWS resource that no longer exists. Because many AWS resource names, S3 bucket names among them, live in a global namespace and are handed out first-come, first-served, an attacker can often create a resource with the same name and take over whatever the record still points at. Misconfigured S3 buckets take many forms, but the two common mistakes are over-exposure of data and temporarily granted upload policies that are scoped too broadly. Most people test anonymous access to their buckets but forget to test access from a separate AWS account: a grant to AWS’s AuthenticatedUsers group, or an unconditioned wildcard principal in a bucket policy, opens the bucket to every AWS account while an unauthenticated check reports it closed.
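The distinction between "open to the internet" and "open to any AWS account" is visible in the bucket's ACL and policy, so a quick triage can be done on those documents before trying the access from a second account. The following is an added example written for this page, not HackerOne's or AWS's code. The ACL and policy are constructed samples shaped like what `aws s3api get-bucket-acl` and `get-bucket-policy` return; the group URIs and the two documented forms of a wildcard principal are real, the account ID, organization ID and bucket name are placeholders.

```python
"""Classify who a bucket ACL and bucket policy let in: anonymous, any AWS account, or scoped.

Added example, not code from the page, HackerOne or AWS. Inputs are constructed samples
in the shape returned by the S3 GetBucketAcl / GetBucketPolicy APIs; nothing calls AWS.
"""
# Predefined S3 groups. AllUsers is the anonymous internet; AuthenticatedUsers is every
# AWS account in existence, which an unauthenticated test never exercises.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Condition keys that narrow a wildcard principal to a specific account, org, or VPC.
SCOPING_KEYS = {"aws:principalaccount", "aws:principalorgid", "aws:principalarn",
                "aws:sourceaccount", "aws:sourcearn", "aws:sourcevpc", "aws:sourcevpce"}

# Constructed sample ACL: owner has full control, plus a leftover upload grant to every AWS account.
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE"},
    ],
}

# Constructed sample policy (placeholder bucket, account and org IDs).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"},
        {"Sid": "PartnerUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-assets/uploads/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-placeholder"}}},
        {"Sid": "OwnerOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-assets/*"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-assets/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}


def acl_exposure(acl):
    """Return (audience, permission) for every grant to a predefined global group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        if grantee.get("URI") == ALL_USERS:
            findings.append(("anonymous", grant["Permission"]))
        elif grantee.get("URI") == AUTHENTICATED_USERS:
            findings.append(("any-aws-account", grant["Permission"]))
    return findings


def _is_wildcard_principal(principal):
    # AWS documents both "*" and {"AWS": "*"} as "everyone, including anonymous" in a
    # resource-based policy such as a bucket policy.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def _condition_scopes_principal(condition):
    for operator_block in (condition or {}).values():
        if any(key.lower() in SCOPING_KEYS for key in operator_block):
            return True
    return False


def policy_exposure(policy):
    """Return (audience, Sid, actions) for every Allow statement with a wildcard principal."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be given bare
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _is_wildcard_principal(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        audience = ("scoped-by-condition" if _condition_scopes_principal(stmt.get("Condition"))
                    else "anonymous")
        findings.append((audience, stmt.get("Sid", "<no Sid>"), actions))
    return findings


def exposure_summary(acl, policy):
    """Set of audiences the bucket is open to, across ACL and policy."""
    return {a for a, _ in acl_exposure(acl)} | {a for a, _, _ in policy_exposure(policy)}


if __name__ == "__main__":
    print(acl_exposure(SAMPLE_ACL))
    print(policy_exposure(SAMPLE_POLICY))
    print(sorted(exposure_summary(SAMPLE_ACL, SAMPLE_POLICY)))
```

On the sample, the policy's `PublicRead` statement is what an anonymous test finds; the ACL's `WRITE` grant to AuthenticatedUsers is the one it misses, and it lets any AWS account upload into the bucket. Treat the script as triage only: S3 Block Public Access, Object Ownership settings, access point policies and the caller's own IAM policy all change the effective answer, so the definitive check is still a GET and a PUT attempted from a second account, as the text recommends.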
While not a high-paid vulnerability class on HackerOne, misconfiguration reports have increased 12,286% in the past year. Often seen as an easy target, these vulnerabilities are easy to spot for an experienced eye, and they are introduced just as easily.
When moving to the cloud under immense pressure, best practices like developing clear architecture, access management configuration, and well-designed APIs, as well as simply setting up assets correctly, can be difficult to prioritize. When that occurs, it creates dangerously clear entry points for attackers. Cloud-native organizations and those migrating to the cloud need robust security solutions to ensure their cloud development reduces security risk while development teams work to configure their applications.
Joining AWS Marketplace
Today, HackerOne is excited to join AWS Marketplace. Going forward, we will seek to bring AWS customers streamlined access to vulnerability discovery and assessment to identify and remediate vulnerabilities before they can be exploited. As one of the first comprehensive security solutions providers offered in AWS Marketplace, HackerOne offers solutions and services to discover security risks, vulnerabilities, and misconfigurations faster and remediate priority issues with the right skills and the right team. Armed with the largest, most comprehensive database of valid vulnerabilities in the industry, HackerOne gives organizations access to the largest community of hackers on the planet. These hackers have one key advantage — they can think like an attacker.
With services from HackerOne available in AWS Marketplace, AWS customers also have a simplified way to purchase software and related services in a centralized place. For more information on HackerOne offerings in AWS Marketplace, visit https://aws.amazon.com/marketplace/seller-profile?id=10857e7c-011b-476d-b938-b587deba31cf
For more information on and analysis of the most common and critical vulnerabilities found in applications hosted on AWS, tune in to HackerOne Co-founder Jobert Abma’s session at AWS re:Invent and explore how to leverage this data to build secure applications. Register here: https://reinvent.awsevents.com/