How to set up aws-foundations-cis-baseline tool for conducting CIS assessment
This post covers an introduction and instructions to set up the aws-foundations-cis-baseline tool for learning.
Step-by-step guides about
Cloud Security
-
![This post covers an introduction and instructions to set up the aws-foundations-cis-baseline tool for learning.]()
-
![This post covers an introduction and instructions to set up the Inspec tool for learning.]()
How to set up GCP CIS 1.2.0 Benchmark Inspec Profile tool for conducting CIS assessment
This post covers an introduction and instructions to set up the Inspec tool for learning.
-
![Last week a vulnerability affecting the most common logging packages in Java, Log4j, was made public, complete with exploit code. The vulnerability is rated with a critical severity rating of 10. Successful exploitation allows for a very uncomplicated remote command execution without requiring any authentication over the Internet resulting in a complete compromise of data and system confidentiality, integrity and availability. This blogpost explains the detection methods, exploitation techniques and mitigation instructions of the vulnerability.]()
Log4j (CVE-2021-44228): Detection, Exploitation and Mitigation
Last week a vulnerability affecting the most common logging packages in Java, Log4j, was made public, complete with exploit code. The vulnerability is rated with a critical severity rating of 10. Successful exploitation allows for a very uncomplicated remote command execution without requiring any authentication over the Internet resulting in a complete compromise of data and system confidentiality, integrity and availability. This blogpost explains the detection methods, exploitation techniques and mitigation instructions of the vulnerability.
-
![An AWS ELB with HTTP Desync mitigation mode set to **monitor** could allow a class of HTTP desynchronization attacks against the web server behind the Load Balancer. This article provides a step by step guide on how you can check and update the HTTP Desync mitigation mode for your ELB to a more secure option using AWS CLI.]()
How to update AWS ELB HTTP Desync mitigation mode using AWS CLI
An AWS ELB with HTTP Desync mitigation mode set to **monitor** could allow a class of HTTP desynchronization attacks against the web server behind the Load Balancer. This article provides a step by step guide on how you can check and update the HTTP Desync mitigation mode for your ELB to a more secure option using AWS CLI.
-
![An AWS ELB with HTTP Desync mitigation mode set to **monitor** could allow a class of HTTP desynchronization attacks against the web server behind the Load Balancer. This article provides a step by step guide on how you can check and update the HTTP Desync mitigation mode for your ELB to a more secure option.]()
How to update AWS ELB HTTP Desync mitigation mode
An AWS ELB with HTTP Desync mitigation mode set to **monitor** could allow a class of HTTP desynchronization attacks against the web server behind the Load Balancer. This article provides a step by step guide on how you can check and update the HTTP Desync mitigation mode for your ELB to a more secure option.
-
![Cloudflare allows to enforce 2FA for all members in the account. 2FA provides an additional layer of security. This article provides a step by step walkthrough of how you can enforce 2FA for all members on your Cloudflare account.]()
How to enforce 2FA for all Cloudflare account members
Cloudflare allows to enforce 2FA for all members in the account. 2FA provides an additional layer of security. This article provides a step by step walkthrough of how you can enforce 2FA for all members on your Cloudflare account.
