Securing Your AWS IAM Cross-Account Roles and Service Roles

AWS Identity and Access Management (IAM) is a powerful service that helps you control access to AWS resources by enabling you to specify who and what is authenticated (signed in) and authorized (has permissions) to use those resources. Since IAM…


How to Discover Your S3 Bucket Exposures

For many enterprises, Amazon S3 buckets have been revolutionary, especially for those storing and distributing massive amounts of videos and photos. S3, or Simple Storage Service, is public cloud storage within Amazon Web Services (AWS). In a nutshell, they provide…


Halo Cloud Secure: A unified product

Vitaliy Geraymovych, Talli Somekh, and I founded CloudPassage in 2010. In those early days, cloud infrastructure was broadly dismissed as little more than a hosting environment for games, blogs, and experiments. The bulk of IaaS offers revolved around cloud servers…


Changes in the CIS controls and why you need to know

Have you heard of the top 20 Controls from the Center for Internet Security (CIS)? These are also known as the CIS common controls and they’re my favorite list of controls. Sure, PCI, NIST, CSA, SOX, FERPA, NERC, and HIPAA…


LIDS cross site scripting (XSS) for attack detection

Cross Site Scripting (XSS) is one of the most common application security vulnerabilities and it affects many web applications. XSS attacks occur when an attacker uses a web application to send malicious code (generally in the form of a browser…


Who’s responsible for security in AWS?

One of the biggest questions to be answered as enterprises migrate to AWS is, who’s responsible for security? The AWS shared responsibility model for security is a must-read for security and compliance practitioners starting their AWS journey. AWS does provide…
