Data protection

API Gateway REST API with stages that have cache data enabled but cache is not encrypted

Platform(s)
Compliance Frameworks
  • AWS Foundational Security Best Practices Controls
  • Brazilian General Data Protection (LGPD)
  • CCPA
  • coppa
  • CPRA
  • GDPR
  • HITRUST
  • iso_27001_2022
  • iso_27002_2022
  • Mitre ATT&CK
  • mpa
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • PDPA
  • pipeda

Description

API Gateway is a service for creating and managing REST, HTTP, and WebSocket APIs. A REST API in API Gateway is a collection of resources and methods that are integrated with backend HTTP endpoints, Lambda functions, or other AWS services. It was detected that the REST API {AwsApiGatewayEndpoint} has stages ({AwsApiGatewayEndpoint.Stages}) with cache data enabled, but the cache is not encrypted. This vulnerability increases the risk of data stored on disk being accessed by unauthorized users.
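One way to reproduce this check yourself, as an added example that is not the rule's own detection code: the function below walks the `item` list returned by API Gateway `GetStages` and reports every method setting where `cachingEnabled` is true and `cacheDataEncrypted` is not. The sample stages and the placeholder REST API id are constructed, and skipping stages without a provisioned cache cluster is an assumption about how "cache enabled" should be read.

```python
"""Flag REST API stages whose cache is enabled but not encrypted at rest."""


def unencrypted_cache_findings(stages):
    """Return sorted (stage_name, method_key) pairs that cache without encryption.

    `stages` is the `item` list from an API Gateway GetStages response.
    """
    findings = []
    for stage in stages:
        # Assumption: without a provisioned cache cluster nothing is cached,
        # so method-level caching flags on such a stage are not reported.
        if not stage.get("cacheClusterEnabled", False):
            continue
        for method_key, settings in stage.get("methodSettings", {}).items():
            caching = settings.get("cachingEnabled", False)
            encrypted = settings.get("cacheDataEncrypted", False)
            if caching and not encrypted:
                findings.append((stage["stageName"], method_key))
    return sorted(findings)


# Constructed sample input shaped like a GetStages response (not real data).
SAMPLE_STAGES = [
    # Stage-wide caching with encryption off: finding.
    {"stageName": "prod", "cacheClusterEnabled": True,
     "methodSettings": {"*/*": {"cachingEnabled": True, "cacheDataEncrypted": False}}},
    # Stage default is encrypted, but one method override is not: finding.
    {"stageName": "staging", "cacheClusterEnabled": True,
     "methodSettings": {
         "*/*": {"cachingEnabled": True, "cacheDataEncrypted": True},
         "orders/GET": {"cachingEnabled": True, "cacheDataEncrypted": False}}},
    # No cache cluster provisioned: skipped under the assumption above.
    {"stageName": "dev", "cacheClusterEnabled": False,
     "methodSettings": {"*/*": {"cachingEnabled": True, "cacheDataEncrypted": False}}},
    # Cache cluster present but no method caches anything: no finding.
    {"stageName": "test", "cacheClusterEnabled": True, "methodSettings": {}},
]

if __name__ == "__main__":
    # Against a live account, replace SAMPLE_STAGES with:
    #   boto3.client("apigateway").get_stages(restApiId="<REST_API_ID>")["item"]
    for stage_name, method_key in unencrypted_cache_findings(SAMPLE_STAGES):
        print(f"stage={stage_name} method={method_key}: cache not encrypted")
```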