Hacker News new | comments | show | ask | jobs | submit login
Show HN: Flaws: learn about common mistakes and gotchas when using AWS (flaws.cloud)
35 points by neomatrix 9 months ago | hide | past | web | favorite | 3 comments

Thank you for posting this, but doesn't "Show HN" mean you're linking to something you've made? I'm the creator of flaws.cloud

Scott, Thanks for creating this! Julien from Mozilla referred this to me back at AppSec and I have been using it as a devops security primer for folks in my org since. Really clever teaching tool. I've had it on my mind to create an Azure equivalent when time permits!

Thanks for putting this together Scott - I remember running through the exercises a year or so ago and realising how awesome some of these mistakes are. I ended up turning the S3 bucket stuff into a conference presentation, after bruteforcing *.s3.amazonaws.com for valid buckets, and checking their permissions/ACLs.

Great for bug bounties, or in UpGuardā€™s situation, a tonne of publicity from private data being accessible from public buckets.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact