profile-svc-s3-bucket-53

s3-bucket · AWS · ap-southeast-2 · qa

Posture

critical

5

high

6

medium

9

low

8

Ownership

Applicationprofile-svc

TeamGrowth

OwnerRobert King

LanguageC#

Criticality

tier-1

Findings (36)

Hardcoded AWS access key in source

Scout SuiteCSPM

Missing rate limiting on /login

Burp Pro PenTestPenTest

Missing rate limiting on /login

Terraform module pins old AMI with CVEs

Race condition in payment idempotency

Container running as root

Missing rate limiting on /login

TruffleHogSecrets

IAM role with wildcard permissions

GitleaksSecrets

Insecure deserialization in message queue consumer

Contrast RASPRASP

Race condition in payment idempotency

TruffleHogSecrets

Missing rate limiting on /login

JWT signed with weak HS256 secret

Cross-site Scripting in profile renderer

IAM role with wildcard permissions

Unencrypted RDS snapshot

TruffleHogSecrets

Dependency confusion risk on internal package

Burp Pro PenTestPenTest

Dependency confusion risk on internal package

Cross-site Scripting in profile renderer

GitleaksSecrets

Path traversal in file download endpoint

Burp Pro PenTestPenTest

Dependency confusion risk on internal package

Dependency confusion risk on internal package

Missing CSP header on auth pages

Burp Pro PenTestPenTest

Open Redis without auth

Insecure deserialization in message queue consumer

Dependency confusion risk on internal package

Missing rate limiting on /login

Outdated lodash with prototype pollution

Container running as root

Missing CSP header on auth pages

Terraform module pins old AMI with CVEs