Blog service

Analysis of AWS IAM Bad Input Validation | SOC Prime Blog

Information Source: Amazon
You can see the complete code here
Example mapping from Amiga research
  • Query string parameter matching in the case of usernames should be case-sensitive, unlike some scheme-specific calls.
  • To make the parameter name case-insensitive, parse the query parameters and create a hash of all lowercase parameters.
  • Configure a query parameter matcher with specific value attributes.
  • Add a function to avoid duplicate parameter names (like AWS did).
  • … and more.