Who has access to my sensitive S3 bucket?Who can create new IAM users in our account?Who can read data off of my DynamoDB? These are
Who has access to my sensitive S3 bucket?Who can create new IAM users in our account?Who can read data off of my DynamoDB? These are questions we often hear from
With the rise of cloud-native technologies more responsibility falls in the hands of developers. Beside the application source code developers are now writing containers code, orchestrators code and also defining their infrastructure and cloud resources using infrastructure-as-code (IaC). Using the correct IaC configuration is a real challenge and leaving your
Crossing IAM worries off your (S3) bucket list Winter is coming, so let’s talk about clouds with leaking buckets. As you may know, AWS is the market share leader in the public cloud services space, with 31% of the revenue pie (or 33% of a smaller revenue pie), and as
It’s more than a week since the gaming and content streaming giant Twitch confirmed a data breach. Twitch, a popular streaming service used by gamers, again made the headlines as it was attacked, resulting in 125 GB of data leaks onto the 4Chan forum. The leaked data comprises sensitive user
The scan has turned up a misconfiguration in the policy that uses an “*” that is way too permissive since it allows for everything. Snyk IaC provides information about the potential risk from this configuration and general advice for how to fix the problem, and Solvo takes this further by
AWS S3 buckets have a well-earned reputation for being down right leaky. Considering how widely used this useful object storage service is for developers, it has historically been fairly easy to misconfigure their security policies. And as case after case –– look at the recent Premier Diagnostics incident –– has
Everyone in IT is concerned with keeping up with trends, best practices and watching what others are doing. In such a fast-changing world, it’s easy to fall behind if you’re not paying attention and even when you are, it can just make things more confusing. Should you go with the
When it comes to writing security policies in AWS, it pays to be specific. Misconfigured policies can lead to unfortunate data leaks or even breaches, so locking down your AWS environments is a must for every organization. In order for us to write and manage policies securely, we need to
And other tips for avoiding infrastructure security policy misconfigurations
Dynamic solution empowers collaboration between developers and security teams without compromising security
There is that special time in every company’s life…
