Exposed AWS S3 Buckets == Directory Listing | Avaya Case Study

  1. Any information disclosure via Directory Listing or AWS S3 Bucket Exposure could be used in different set of attacks.
  2. From configuration standpoint, the enterprises or organizations do not need an explicit listing of objects or resources. A direct link to the file that is explicitly shared via different outlets should suffice. The idea is to only make specific files public and not the complete directory.
  3. Attackers still get access to the files via listing which they are not suppose to.

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store