|   | RULE | SERVICE GROUP |
|---|------|---------------|
| M | SNS topic is not encrypted | SNS |
| M | SNS topic is not encrypted with a customer managed key | SNS |
| M | SQS queue is not encrypted | SQS |
| M | SSM session is not using KMS to encrypt data between client and EC2 instance | SSM |
| M | That inbound traffic is allowed to a resource from any source instead of a restricted range | RDS |
| M | That inbound traffic is allowed to a resource from any source instead of a restricted range | Redshift |
| M | The API gateway will accept older TLS cipher suites | API Gateway (REST APIs) |
| M | The application load balancer is not set to drop invalid headers | ELB |
| M | The AWS kinesis server-side encryption is disabled | Kinesis |
| M | The ElastiCache replication group is not encrypted at rest | ElastiCache |
| M | The elasticsearch cluster is not encrypted at rest | ElasticSearch |
| M | The elasticsearch cluster will accept older TLS/SSL cipher suites | ElasticSearch |
| M | The Glue connection password stored in metadata is not encrypted | Glue |
| M | The inline security group rule allows open egress | VPC |
| M | The instance type does not support encryption at rest | ElasticSearch |
| M | The inter-cluster traffic will not be encrypted in transit | ElasticSearch |
| M | The inter-cluster traffic will not be encrypted in transit | MSK |
| M | The Neptune Cluster storage encrypted set by default to false | Neptune |
| M | Traffic mirroring is session enabled | EC2 |
| M | Transfer server is publicly accessible | Transfer |
| M | User volumes in WorkSpace are not encrypted | WorkSpaces |
| M | VPC default security group allows unrestricted egress traffic | VPC |
| M | VPC default security group allows unrestricted ingress traffic | VPC |
| M | VPC endpoint policy allows full access to service | VPC |
| M | VPC flow logging is not enabled | VPC |
| M | VPC network ACL allows ingress from '0.0.0.0/0' to port 22 | VPC |
| M | VPC network ACL allows ingress from 0.0.0.0/0 to port 3389 | VPC |
| M | VPC security group allows ingress from any address to all ports and protocols | VPC |
| M | VPC security group attached to EC2 instance allows ingress from '0.0.0.0/0' to all ports | VPC |
| M | VPC security group attached to EC2 instance permits ingress from '0.0.0.0/0' to port 389 (LDAP) | VPC |