All threats

bucket-misconfiguration

Cloud storage buckets configured with overly permissive access policies

MITRE ATT&CK techniques

Common Weakness Enumeration

• CWE-732
• CWE-200

Mitigating controls

ctrl-bucket-1

Block public access by default

ctrl-bucket-2

Implement bucket policies with least privilege

ctrl-bucket-3

Enable access logging and monitoring

ctrl-bucket-4

Use automated scanning for public buckets

ctrl-bucket-5

Encrypt all stored objects

References

• https://owasp.org/Top10/A05_2021-Security_Misconfiguration/
• https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html