WARNING: bots are waiting for your insecure deployments

TL;DR

Learn how to analyze and secure your deployed application from potential vulnerabilities targeted by bots.

Transcript

all right this is going to be a real quick um discussion I'm not really going to be talking about amplify although I will be showing logs that come from my amplify deployed service I was kind of looking through my logs I want to kind of get a breakdown of like various requests and how long does your requests take and I ended up writing a custom scr... Read More

Key Insights

• 🧑‍💻 Custom scripts can provide deeper insights into application logs than some standard monitoring tools, such as CloudWatch Insights.
• 🤖 Unexpected log entries can indicate probing activities by bots looking for security vulnerabilities within deployed applications.
• 🧑‍💻 Regularly auditing logs helps developers identify unexpected patterns or anomalies that may signal security concerns.
• 📁 Security best practices dictate that sensitive files, especially environment files, should never be included in a public deployment.
• 🤩 Bots actively exploit exposed credentials; the author recounts an incident where they accidentally committed AWS keys to GitHub, leading to significant financial repercussions.
• 🧑‍🏭 Developers should remain vigilant about securing their services, as bad actors mimic legitimate user behavior to identify targets for exploitation.
• ✳️ Maintaining a secure codebase is an ongoing responsibility, requiring awareness and proactive measures to mitigate risks associated with public exposure.

Questions & Answers

Q: What motivated the author to analyze their Amplify logs?

The author was seeking a breakdown of various requests to their deployed service and the time these requests took. In doing so, they observed unexpected hits to their application, leading them to uncover potential security vulnerabilities posed by bots scanning for weaknesses.

Q: What method did the author use to analyze their logs?

The author developed custom scripts to download and process the last 24 hours of their Amplify logs. The scripts utilized regex expressions to navigate log entries, sorting and aggregating request durations and counts, allowing them to visualize request frequencies and performance metrics more effectively.

Q: What unexpected findings did the author encounter in their log analysis?

Upon analyzing the logs, the author discovered unexpected requests for files that did not exist in their system, such as environment files typical in frameworks like Laravel and WordPress. This led the author to suspect that bots were actively scanning their domain for vulnerabilities, seeking to exploit misconfigurations.

Q: What advice does the author provide regarding application security?

The author emphasizes the critical need for securing web applications, noting that malicious bots continuously crawl the internet searching for vulnerabilities. They stress the importance of ensuring that sensitive files are not inadvertently deployed and recommend using tools to scan for potential security lapses.

Summary & Key Takeaways

• The content discusses the author's experience analyzing logs from their Amplify deployment to understand request durations, revealing unexpected hits by bots looking for vulnerabilities.

• The author created custom scripts to aggregate log data, demonstrating how tools like CloudWatch Insights may fall short in detailed log analysis.

• A warning is issued about the importance of securing applications, as malicious bots regularly probe deployed services for sensitive files and security weaknesses.