Information Disclosure: AWS Access Token
Identifier: aws_access_token
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
AWS access tokens, including access keys, secret keys, and session tokens, should never be exposed in API responses, logs, or client-side code, because they provide direct access to AWS services and resources.
How we test: We scan responses, logs, and client-side code to detect AWS access tokens, secret keys, and session tokens. We check for patterns matching AWS credential formats and alert if these sensitive credentials are exposed.
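A minimal sketch of this kind of pattern matching, added here as an illustration and not the scanner's own detection logic. The function names, the field-name heuristics and the 100-character floor for session tokens are assumptions; the sample response is constructed and uses the placeholder keys from AWS documentation.

```python
import re

# Access key IDs are 20 characters: "AKIA" marks a long-term IAM user key,
# "ASIA" a temporary STS key.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])((?:AKIA|ASIA)[A-Z0-9]{16})(?![A-Z0-9])")
# A secret access key is 40 base64-alphabet characters, which is too generic
# to match alone, so require a key-like field name in front of it.
SECRET_KEY = re.compile(
    r"secret_?(?:access)?_?key[\"'\s:=]+([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])", re.I)
# Assumption: session tokens are long (100+ chars) and follow a token-like name.
SESSION_TOKEN = re.compile(
    r"session_?token[\"'\s:=]+([A-Za-z0-9/+=]{100,})", re.I)

PATTERNS = [("access_key_id", ACCESS_KEY_ID),
            ("secret_access_key", SECRET_KEY),
            ("session_token", SESSION_TOKEN)]

def redact(value):
    """Keep only enough of the value to identify it in a report."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]

def scan(text):
    """Return (kind, redacted_value, offset) for each credential-shaped match."""
    findings = []
    for kind, pattern in PATTERNS:
        for m in pattern.finditer(text):
            findings.append((kind, redact(m.group(1)), m.start(1)))
    return sorted(findings, key=lambda f: f[2])

# Constructed sample response; the two non-credential fields check that
# look-alike strings (an "ASIA..." word, a 40-char git SHA) are not flagged.
SAMPLE_RESPONSE = '''{"user": "demo", "region": "ASIAN_MARKETS_OVERVIEW",
 "commit": "3f786850e387550fdab836ed7e6dc881de23001b",
 "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
 "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}'''

if __name__ == "__main__":
    for kind, value, offset in scan(SAMPLE_RESPONSE):
        print(f"{kind:18} {value} at offset {offset}")
```

Findings are redacted before being reported so that the alert itself does not become a second copy of the leaked credential.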
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.