Matias Haeussler – WindowsTechs.com

Code to detect HTTP/2 Rapid Reset Attack vulnerability

Posted on October 26, 2023 by Matias Haeussler

Is there code/library to detect this vulnerability? I have been searching online and do not find any
We are using Cloudflare which has fixed the issue but government says "we may" have the vulnerability as they have detected that… Continue reading Code to detect HTTP/2 Rapid Reset Attack vulnerability→

Is there record of a pubilc RDS instance with strong password having been hacked?

Posted on March 13, 2021 by Matias Haeussler

I am auditing an AWS account and I found a public RDS instance, that is with public DNS, no Security Group IP connection filtering and in a public Subnet
However, the instance has a relatively strong password (12 characters, symbols, numbe… Continue reading Is there record of a pubilc RDS instance with strong password having been hacked?→

What are the security dangers of using Security Groups instead of NAT Gateways for isolating AWS RDS databases from public access?

Posted on August 18, 2020 by Matias Haeussler

As I have learned, there are two main ways of isolating resources in AWS VPC

One through public/private subnet separation using NAT Gateways to route communications between resources (e.g. public web servers) in the public subnets and res… Continue reading What are the security dangers of using Security Groups instead of NAT Gateways for isolating AWS RDS databases from public access?→

Are public website s3 buckets vulnerable to DDoS attacks?

Posted on August 7, 2020 by Matias Haeussler

We are trying to make our web app the most cost effective and secure we can.
For that reason we are using Cloudflare instead of CloudFront as a CDN for our frontend resources.
We put CloudFront between Cloudflare and S3 to be able to use F… Continue reading Are public website s3 buckets vulnerable to DDoS attacks?→