Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.

Nearly two dozen application programming interfaces (APIs) across 16 different Amazon Web Services offerings can be abused to allow attackers to obtain the roster and internal structure of an organization’s cloud account in order to launch targeted attacks against individuals.

All that a threat actor would require in order to carry out the attack is the target organization’s 12-digit AWS ID — something that is used and shared publicly — Palo Alto Networks said this week.

Source: Nearly Two Dozen AWS APIs Are Vulnerable to Abuse



API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography.