Could a Well-Architected Framework Review Have Prevented the Capital One Breach?

On the heels of the Equifax data breach settlement, Capital One announced their disastrous data breach. According Capital One, the breach took place on March 22 and 23, 2019. The hacker gained access to approximately 106 million records of personal information that included names, addresses, dates of birth, credit scores, transaction data, social security numbers and bank account numbers.

Capital One hosts its data on AWS servers. Because of the breach, AWS has come under scrutiny, but upon further investigation, the breach was caused by an open-source Web Application Firewall (WAF) misconfiguration on Capital One’s part, not AWS. The WAF had too many permissions, therefore allowing the hacker to trick the server with a well-known method called a Server Side Request Forgery (SSRF) attack and gain access to the data.

SSRF is becoming a problem for organizations who host their data on AWS. Although the underlying infrastructure of the AWS cloud server is secure and stable, it is common for developers to build servers with outdated practices. Therefore, the organization’s data becomes vulnerable to an SSRF attack and other methods of compromise.

Amazon knows this very well and created the Well-Architected Framework service for AWS customers to help them build their architecture securely and detect common exploitation techniques. Amazon’s Well-Architected Framework is built on the five pillars of AWS:

Operational Excellence

The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.


The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.


The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

Performance Efficiency

The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

Cost Optimization

The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or suboptimal resources.

As an AWS Partner, we perform Well-Architected reviews for your AWS and application architecture by following the five pillars. We look for vulnerabilities, misconfigurations and identify what needs to be remediated.  We work with you to remediate any issues we’ve found so that you can rest knowing that your architected solution is built solidly on the five pillars. For a limited time, receive $5,000 in AWS credits when we do a remediation based on our review.

An AWS Well-Architected Framework Review would have caught Capital One’s disastrous misconfiguration. No one wants to be on the homepage of a news outlet like Capital One (and Equifax) because their data was stolen. If you are an AWS customer and you have never had your application architecture inspected, it is time.

I want to learn more about the AWS Well-Architected Review.

Please select a valid form
This entry was posted in AWS and tagged .