ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated with right service name for consistency

Browse Source
This commit is contained in:
Toni de la Fuente
2021-10-07 16:42:30 +02:00
parent b6fdbaba01
commit 571a714a82
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
checks/check_extra7155
View File

@@ -25,7 +25,7 @@ CHECK_TYPE_extra7155="EXTRA"
CHECK_SEVERITY_extra7155="MEDIUM" CHECK_SEVERITY_extra7155="MEDIUM"
CHECK_ASFF_RESOURCE_TYPE_extra7155="AwsElasticLoadBalancingV2LoadBalancer" CHECK_ASFF_RESOURCE_TYPE_extra7155="AwsElasticLoadBalancingV2LoadBalancer"
CHECK_ALTERNATE_check7155="extra7155" CHECK_ALTERNATE_check7155="extra7155"
CHECK_SERVICENAME_extra7155="ElasticLoadBalancingV2" CHECK_SERVICENAME_extra7155="elb"
CHECK_RISK_extra7155='HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.' CHECK_RISK_extra7155='HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.'
CHECK_REMEDIATION_extra7155='Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode' CHECK_REMEDIATION_extra7155='Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode'
CHECK_DOC_extra7155='https://aws.amazon.com/about-aws/whats-new/2020/08/application-and-classic-load-balancers-adding-defense-in-depth-with-introduction-of-desync-mitigation-mode/' CHECK_DOC_extra7155='https://aws.amazon.com/about-aws/whats-new/2020/08/application-and-classic-load-balancers-adding-defense-in-depth-with-introduction-of-desync-mitigation-mode/'

4
checks/check_extra7156
View File

@@ -17,8 +17,8 @@ CHECK_SCORED_extra7156="NOT_SCORED"
CHECK_TYPE_extra7156="EXTRA" CHECK_TYPE_extra7156="EXTRA"
CHECK_SEVERITY_extra7156="Medium" CHECK_SEVERITY_extra7156="Medium"
CHECK_ASFF_RESOURCE_TYPE_extra7156="AwsApiGatewayV2Api" CHECK_ASFF_RESOURCE_TYPE_extra7156="AwsApiGatewayV2Api"
CHECK_ALTERNATE_checa7156="extra7156" CHECK_ALTERNATE_check7156="extra7156"
CHECK_SERVICENAME_extra7156="apigatewayv2" CHECK_SERVICENAME_extra7156="apigateway"
CHECK_RISK_extra7156="If not enabled the logging of API calls is not possible. This information is important for monitoring API access." CHECK_RISK_extra7156="If not enabled the logging of API calls is not possible. This information is important for monitoring API access."
CHECK_REMEDIATION_extra7156="Enable Access Logging in the API stage." CHECK_REMEDIATION_extra7156="Enable Access Logging in the API stage."
CHECK_DOC_extra7156="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-stage-accesslogsettings.html" CHECK_DOC_extra7156="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-stage-accesslogsettings.html"