Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
RULESERVICE GROUP
  • H
Public ALB Must Be Protected by AWS WAF
WAF
  • H
Public read access is enabled for storage containers and blobs
Storage
  • H
RDS database instance is publicly accessible
RDS
  • H
Redis cache insecure port is enabled
Redis
  • H
Redshift cluster does not require SSL connections
Redshift
  • H
Redshift cluster is publicly accessible
Redshift
  • H
Roles and cluster roles should not use wildcards for resource, verb, or apiGroup entries
Role
  • H
S3 bucket ACL allows public access to S3 bucket storing CloudTrail log files
S3
  • H
S3 bucket does not have `ignore_public_acls` enabled
S3
  • H
S3 bucket has `restrict_public_buckets` disabled
S3
  • H
S3 bucket is publicly readable
S3
  • H
S3 Bucket is publicly readable
S3
  • H
SageMaker Notebook root access is enabled
Sagemaker
  • H
SAS token can be used over insecure HTTP
Storage
  • H
Sensitive certificate key material is stored in state file
Secrets Manager
  • H
Service account has admin privileges
IAM
  • H
Service is using an external IP
Service
  • H
SQS queue policy allows all actions on the resource
SQS
  • H
SQS Queues are not encrypted at rest
SQS
  • H
SSL is not enabled on CloudSQL instance
Cloud SQL
  • H
Storage account blob service soft delete is disabled
Storage
  • H
Storage account does not enforce HTTPS
Storage
  • H
Storage container allows public access
Storage
  • H
Storage queue service logging is disabled
Storage
  • H
The built-in "cluster-admin" role is used
Deployment
  • H
The client traffic will not be encrypted in transit
MSK
  • H
The ElasticSearch cluster does not enforce HTTPS
ElasticSearch
  • H
The FSx for Windows File Server does not have retention backup period configured
FSx
  • H
The IAM role can be assumed by any service or principal
IAM
  • H
The log_connections setting is disabled on Postgresql DB
Cloud SQL