A vulnerable Cognito application is a web application for practicing various Cognito attacks, letting individuals practice their craft in real time.
- AWS account (the Free Tier also works)
- Refer to the AWS docs for setting up Cognito - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-getting-started.html
- The web application can be set up either on localhost or in an S3 bucket, with some minor changes to the index.html file
- When setting up in the cloud, make sure to put sufficient security controls in place
- Refer to Appsecco's blog on various Cognito misconfigurations - https://blog.appsecco.com/exploiting-weak-configurations-in-amazon-cognito-in-aws-471ce761963