
Security

Protections

SSL

  • SSL is enabled on all resources and endpoints.

CORS

  • API deployments allow access from one origin per stage.

XSS

  • A content security policy prevents the browser from downloading or executing scripts from unauthorized sources.
  • React escapes input loaded from a database.
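The following is an added example, not code from the project this page describes. It shows how the two settings above (one allowed origin per API stage, and a Content Security Policy that restricts script sources) can be expressed as response headers for an API Gateway / Lambda proxy style handler. The stage names, origins and header values are constructed placeholders, and the reflecting variant is included only to contrast it with the per-stage check.

```javascript
// Added example: response headers enforcing one CORS origin per stage and a CSP.
// Stage names and origins below are constructed placeholders.
const ALLOWED_ORIGIN_BY_STAGE = {
  dev: 'http://localhost:3000',
  prod: 'https://app.example.com',
};

// CSP that only lets the browser load and run scripts from the page's own
// origin; plugins and framing are disabled as well.
const CONTENT_SECURITY_POLICY = [
  "default-src 'self'",
  "script-src 'self'",
  "object-src 'none'",
  "frame-ancestors 'none'",
  "base-uri 'self'",
].join('; ');

// Weak variant, shown for contrast: echoing whatever Origin the request carries
// effectively grants every site cross-origin access to the API.
function corsHeadersReflecting(requestOrigin) {
  return { 'Access-Control-Allow-Origin': requestOrigin };
}

// Hardened variant: the request's Origin must equal the single origin
// configured for this stage; any other origin receives no CORS headers.
function corsHeaders(stage, requestOrigin) {
  const allowed = ALLOWED_ORIGIN_BY_STAGE[stage];
  if (!allowed || requestOrigin !== allowed) return {};
  return {
    'Access-Control-Allow-Origin': allowed,
    // Vary on Origin so shared caches do not serve one origin's response to another.
    Vary: 'Origin',
    'Access-Control-Allow-Methods': 'GET,POST,OPTIONS',
    'Access-Control-Allow-Headers': 'Authorization,Content-Type',
  };
}

// Full header set attached to every response from the stage.
function securityHeaders(stage, requestOrigin) {
  return {
    'Content-Security-Policy': CONTENT_SECURITY_POLICY,
    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
    'X-Content-Type-Options': 'nosniff',
    ...corsHeaders(stage, requestOrigin),
  };
}
```

Because the check compares against a fixed value per stage, a request from an unlisted origin simply gets no `Access-Control-Allow-Origin` header, and the browser blocks the cross-origin read.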

Authentication

  • User profiles are stored and managed through AWS Cognito.
  • A library developed by Amazon is used for authentication actions like.

Authorization

  • Brute force attacks are handled by CloudFront, the CDN.
  • Resources that contain private user data are only accessible to authenticated users.
  • User credentials are verified using an AWS-provided Authorizer.
  • Access to the Lambda function that queries the database is based on a whitelist of API Gateway resources.
  • Access to the database is granted to Lambdas through Identity-Based Policies (IAM Policies).

Vulnerabilities

  • Access to the AWS account by an unauthorized party.
  • Credentials extracted from browser storage. Possible mitigation: credential storage in HTTP-only cookies, CSRF tokens.
  • Delayed cross-device sign-out. Possible mitigation: blacklist of tokens invalidated during global sign-outs.