Overview

In this short article, we’ll cover the basics of AWS architecture. I decided to create this overview after performing a penetration test on a serverless web application, and I hope it proves useful as a quick crash course in AWS serverless architecture.

What Makes an Application Serverless?

A serverless application is often composed of many microservices. What are microservices? A microservice is an independent, modular service that can be deployed on its own. This means that each service does one job within a domain, and only that job.

An example of a microservice could be an authentication service. The authentication…



Intro & Why GitDorker?

Traversing GitHub for secrets with automated tools such as gitrob (michenriksen) or GitGot (BishopFox) is great for a quick scan of potentially sensitive information hidden in a target’s GitHub environment. However, these automated tools for discovering secrets in GitHub are far from perfect.

Oftentimes, sensitive secrets stored in a target’s GitHub environment are overlooked, and thus not reported in the tool output, due to the limitations of automated scanning (regex, entropy searches, etc.). On the flip side, automated tools can output too much information, making it difficult to discern true secrets from a sea of false positives.

Omar Bheda

Amateur bug bounty hunter, tool developer, and offensive security researcher.
