DEV Community

sahil gupta

Cloud Storage Security

Organizations rely heavily on cloud storage to hold sensitive data. However, if access control settings are not properly configured or a storage key is leaked, that data may be exposed to unauthorized individuals.
This could lead to leakage of sensitive data, tampering with stored data, or unauthorized access to cloud storage systems.

The following tools identify cloud bucket URLs and storage keys in web application responses:

Burp-AnonymousCloud: a Burp extension that performs a passive scan to identify cloud buckets and then tests them for publicly accessible vulnerabilities.
(https://github.com/portswigger/anonymous-cloud)

Cloud Storage Tester: This extension can identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues.
(https://portswigger.net/bappstore/04adbe101f544c88b2497a9a25ffaab4)
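
The kind of passive check these extensions perform, sketched as an added example for auditing your own application's responses. It is not code from either extension; the regexes, `scan_response` and the sample body are assumptions constructed here.

```python
import re

# Added example: patterns are assumptions based on the providers' public
# URL and key formats; they are not taken from either Burp extension.
NAME = r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]"
PATTERNS = [
    # Virtual-hosted S3: <bucket>.s3.<region>.amazonaws.com
    ("s3_bucket", re.compile(r"\b(" + NAME + r")\.s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com")),
    # Path-style S3: s3.<region>.amazonaws.com/<bucket>; the lookbehind stops
    # the object key of a virtual-hosted URL being reported as a bucket.
    ("s3_bucket", re.compile(r"(?<![a-z0-9.-])s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com/(" + NAME + ")")),
    ("gcs_bucket", re.compile(r"(?<![a-z0-9.-])storage\.googleapis\.com/(" + NAME + ")")),
    ("azure_container", re.compile(r"\b([a-z0-9]{3,24}\.blob\.core\.windows\.net/[a-z0-9][a-z0-9-]{1,61}[a-z0-9])")),
    ("aws_access_key_id", re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")),
    # Azure storage account keys are 64 bytes, i.e. 88 base64 characters.
    ("azure_account_key", re.compile(r"AccountKey=([A-Za-z0-9+/]{86}==)")),
]
SECRET_KINDS = {"aws_access_key_id", "azure_account_key"}

# Constructed sample response; the key is AWS's documentation placeholder.
SAMPLE_BODY = """
<img src="https://assets-prod.s3.us-east-1.amazonaws.com/logo.png">
<a href="https://s3.amazonaws.com/legacy-exports/report.csv">report</a>
<script src="https://storage.googleapis.com/acme-static/app.js"></script>
var cfg = {blob: "https://acmemedia.blob.core.windows.net/uploads/a.png",
           key: "AKIAIOSFODNN7EXAMPLE"};
"""

def scan_response(body):
    """Return de-duplicated (kind, value) findings from one response body."""
    findings = []
    for kind, pattern in PATTERNS:
        for match in pattern.finditer(body):
            value = match.group(1)
            if kind in SECRET_KINDS:
                # Mask secrets so the scan report does not leak them again.
                value = value[:4] + "*" * (len(value) - 4)
            if (kind, value) not in findings:
                findings.append((kind, value))
    return findings

if __name__ == "__main__":
    for kind, value in scan_response(SAMPLE_BODY):
        print(f"{kind:18} {value}")
```

Each bucket or container reported this way still needs its access policy reviewed, and any key found in a response should be rotated.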

Free Learning Resources for Application Security and Penetration Testing

A learning portal for Application Security and DevSecOps engineers. It contains well-written, in-depth articles on software security and DevSecOps.

blogs.appsecworld.com
