GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.| GitHub Docs
The KMS keys that you create and manage for use in your own cryptographic applications are of a type known as customer managed keys. Customer managed keys can also be used in conjunction with AWS services that use KMS keys to encrypt the data the service stores on your behalf. Customer managed keys are recommended for customers who want full control over the lifecycle and usage of their keys. There is a monthly cost to have a customer managed key in your account. In addition, requests use an...| docs.aws.amazon.com
July 27, 2021: We’ve updated the link to the 2019 re:Invent session on this topic. Since it first launched over 10 years ago, the Amazon EC2 Instance Metadata Service (IMDS) has helped customers build secure and scalable applications. The IMDS solved a big security headache for cloud users by providing access to temporary, frequently rotated […]| Amazon Web Services
Create identity providers, which are entities in IAM to describe trust between a SAML 2.0 or OpenID Connect (OIDC) identity provider and AWS.| docs.aws.amazon.com
Grant applications on your EC2 instances permissions to make secure API requests to AWS.| docs.aws.amazon.com
Learn about IAM finding types in GuardDuty. An IAM finding is a notification that contains details about a principal (AWS account root user, IAM role, or user) that GuardDuty has identified as behaving in a suspicious and potentially malicious way.| docs.aws.amazon.com
Identify cloud security issues and misconfigurations even before they pose an actual security risk by performing static analysis of Terraform code.| Christophe Tafani-Dereeper
In this post, we discuss the risks of the AWS Instance Metadata service in AWS Elastic Kubernetes Service (EKS) clusters. In particular, we demonstrate that compromising a pod in the cluster can have disastrous consequences on resources in the AWS account if access to the Instance Metadata service is not explicitly blocked. Introduction For the purposes of this post, we’ll use an EKS cluster running Kubernetes v1.17.9 and created with eksctl. We could also have created the cluster using Ter...| Christophe Tafani-Dereeper
TURN server allowed proxying of TCP connections and UDP packets to internal Slack network and meta-data services on AWS.| HackerOne
In this section we explain what server-side request forgery (SSRF) is, and describe some common examples. We also show you how to find and exploit SSRF ...| portswigger.net
A vulnerability in a widely-used Java logging component is exposing untold numbers of organizations to potential remote code attacks and information exposure.| Sophos News
Service control policies (SCPs) offer central control over the maximum available permissions for IAM users and IAM roles in an organization.| docs.aws.amazon.com
Update 4/29/2021 3PM PT: Through our investigation, we now have additional information concerning what environment variables may have been obtained without authorization and how they may have been used. ...| Codecov
Learn how applications in your Pods can access AWS services.| docs.aws.amazon.com
Microsoft Teams' link preview feature is susceptible to spoofing and vulnerable to Server-Side Request Forgery. Teams' Android users can be DoS'ed and, in the past, their IP address could be leaked.| positive.security
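Several of the links above (the IMDS history post, the EKS pod-to-IMDS post, the Slack TURN and Teams SSRF reports) revolve around one exchange: a request that reaches 169.254.169.254 and walks off with the instance role's credentials. The example below is added here, is not code from any of the linked pages, and stands up a constructed local fake of the IMDSv2 endpoint (the hostname, port, role name and credential values are all invented) so the two request styles can be run side by side offline: a plain GET, which is all a GET-only SSRF or an IMDSv1 client can issue, and the IMDSv2 PUT-then-GET session-token exchange.

```python
"""Constructed mock of the EC2 IMDSv2 exchange (not AWS code): a local fake
metadata endpoint plus two clients, to show why requiring a PUT-minted token
defeats the classic GET-only SSRF path to instance credentials."""
import http.server
import json
import secrets
import threading
import time
import urllib.error
import urllib.request

TOKEN_HEADER = "X-aws-ec2-metadata-token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"

# Constructed sample role and credentials served by the fake endpoint.
FAKE_ROLE = "eks-node-role"
FAKE_CREDS = {"AccessKeyId": "AKIAEXAMPLE", "SecretAccessKey": "s3cr3t",
              "Token": "session-token"}


class FakeIMDSv2(http.server.BaseHTTPRequestHandler):
    tokens = {}  # token -> expiry (epoch seconds), shared across requests

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _send(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):
        # IMDSv2 mints a session token only for a PUT that carries a TTL header.
        if self.path != "/latest/api/token" or TTL_HEADER not in self.headers:
            return self._send(400, "bad request")
        ttl = int(self.headers[TTL_HEADER])
        if not 1 <= ttl <= 21600:
            return self._send(400, "ttl out of range")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = time.time() + ttl
        self._send(200, tok)

    def do_GET(self):
        # IMDSv2-only mode: any GET without a valid session token is rejected.
        tok = self.headers.get(TOKEN_HEADER)
        if tok is None or self.tokens.get(tok, 0) < time.time():
            return self._send(401, "unauthorized")
        if self.path == "/latest/meta-data/iam/security-credentials/":
            return self._send(200, FAKE_ROLE)
        if self.path == f"/latest/meta-data/iam/security-credentials/{FAKE_ROLE}":
            return self._send(200, json.dumps(FAKE_CREDS))
        self._send(404, "not found")


def start_fake_imds():
    """Start the fake endpoint on an ephemeral loopback port; return (server, base URL)."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), FakeIMDSv2)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def imdsv1_style_get(base, path):
    """All a GET-only SSRF (or an IMDSv1 client) can do: a bare GET, no token."""
    try:
        with urllib.request.urlopen(f"{base}{path}", timeout=2) as r:
            return r.status, r.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()


def imdsv2_get(base, path, ttl=60):
    """Full IMDSv2 exchange: PUT for a session token, then GET with the token header."""
    req = urllib.request.Request(f"{base}/latest/api/token", method="PUT",
                                 headers={TTL_HEADER: str(ttl)})
    with urllib.request.urlopen(req, timeout=2) as r:
        token = r.read().decode()
    req = urllib.request.Request(f"{base}{path}", headers={TOKEN_HEADER: token})
    try:
        with urllib.request.urlopen(req, timeout=2) as r:
            return r.status, r.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()


def demo():
    """Run both clients against the fake endpoint and return what each got back."""
    srv, base = start_fake_imds()
    try:
        role_path = "/latest/meta-data/iam/security-credentials/"
        v1_status, _ = imdsv1_style_get(base, role_path)
        v2_status, role = imdsv2_get(base, role_path)
        _, creds_body = imdsv2_get(base, role_path + FAKE_ROLE)
        return {"v1_status": v1_status, "v2_status": v2_status,
                "role": role, "creds": json.loads(creds_body)}
    finally:
        srv.shutdown()


if __name__ == "__main__":
    print(demo())
```

The bare GET comes back 401 while the PUT-then-GET pair returns the role name and then its credentials. That is the whole argument for enforcing IMDSv2 on nodes: most SSRF primitives (link previews, TURN relays, URL fetchers) issue GETs and cannot add the PUT or the custom header. It does not by itself solve the pod case from the EKS post, where a compromised pod can run any HTTP client it likes; there the additional control is the PUT response hop limit of 1 on the instance, which stops the token reply from crossing the extra network hop from node to pod, or an explicit block of 169.254.169.254 from pod network namespaces.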