Tag: cloudsecurity

Google Cloud Armor has a documented limitation related to the maximum size of an HTTP POST request body the service is able to inspect and block. Attackers can use this limitation to bypass the protection provided by Cloud Armor and potentially exploit vulnerabilities that may be present in an underlying web application. This article will take you through how Cloud Armor rules can be configured to appropriately mitigate the risk due to the limitation.

An insightful presentation by Kavisha Seth on understanding and identifying different attack vectors on AWS and learning about various security controls that can be implemented.

Secrets like passwords, API keys, access keys, etc. can often creep into our source code repositories intentionally or unintentionally, hence it is essential to ensure that we spot them at the earliest. In this article, we look into how to automate scanning of GitHub repositories for secrets using GitHub Actions.

1Password is a SaaS that is used to securely store and share credentials across team members. This article shows how you can perform a user audit and identify access or rogue users within your organisation.

A quick guide on detecting and fixing the recently discovered Pwnkit (CVE-2021-4034) Local Privilege Escalation vulnerability on standalone and cloud based virtual machines.

A step by step guide to show how a security audit of AWS IAM can be performed to identify users attributes like unrotated keys, IAM password policies, access and much more.