'lambdaScanner' is a toolkit that combines a set of scripts for
penetration testing of Lambda functions. The scripts in the toolkit
help assess Lambda functions from a security standpoint and help the
tester discover vulnerabilities in both the deployment and the code.
It aids in checking for vulnerabilities such as improper permissions,
SQL injection and command execution, to name a few. This is not an
automated scanner but a toolkit that helps pen-testers test functions,
so it needs to be used wisely by crafting customized requests and
payloads. Lambda functions are invoked through various events from AWS
services such as S3, DynamoDB and SQS, so the scripts in the toolkit
are very helpful for evaluating functions as well as for testing them
directly with various sets of payloads. All of these scripts are
written in Python using the boto3 APIs. The toolkit also has a package
called 'lambdaProtect', which can be integrated with an existing
Lambda function to guard both the incoming event stream and the
outgoing response.
This toolkit is "in progress/prototype" and will be enhanced over time with the addition of various functionalities.
Here is a diagram that describes 'lambdaScanner':
For more detail, please visit http://blog.blueinfy.com/p/blog-page.html