The last S3 Security document that you will ever need(trustoncloud.com) |
The last S3 Security document that you will ever need(trustoncloud.com) |
https://github.com/trustoncloud/threatmodel-for-aws-s3/raw/m...
Here is a nice threat:
Etags includes the MD5 of the file but not consistently and can be used by developers to verify the integrity of a file. An attacker can affect an upload function to change the etag of a file, in order to disrupt a workflow downstream.