
How to enable MFA for AWS Root user
Multi-factor authentication (MFA) provides an additional layer of security and must be enabled whenever possible. In this article we go through the detailed steps to enable MFA for an AWS account Root user.
Elasticsearch/OpenSearch domains that are not required to be openly accessible should be created without a public endpoint to prevent arbitrary public access to the domain.
The Prevent Password Reuse policy can be easily enabled in AWS. It prevents users from reusing their old passwords after expiry or when password change operations are performed. This article provides a step-by-step walkthrough of how you can enable the Prevent Password Reuse policy on AWS, in both video and text, for your preferred medium of learning.
Publicly exposed database instances can attract a lot of brute-force attacks, which may lead to a compromise of the database. If a database requires a public IP address, then one must make sure to restrict public access to only trusted IP addresses.
Google Cloud Armor has a documented limitation related to the maximum size of an HTTP POST request body the service is able to inspect and block. Attackers can use this limitation to bypass the protection provided by Cloud Armor and potentially exploit vulnerabilities that may be present in an underlying web application. This article will take you through how Cloud Armor rules can be configured to appropriately mitigate the risk due to the limitation.
A guide on deploying your first (or second, or third or …) application from a code repository to a server via the awesome GitHub Actions workflow.