-
Building your first IaC scanning pipeline
In this post, we will configure an IaC scanning pipeline using tfsec to scan Terraform code – ensuring our AWS infrastructure is deployed in a secure manner.
-
Dangling DNS Records: What are they & how to remediate them
In this post we will discuss dangling DNS records in a cloud computing context, why they matter and how they can be identified and remediated.
-
AWS Secrets Manager: Best Practices
In this post will discuss some best practices when using AWS Secrets Manager. We’ll touch on secret rotation, encryption and limiting access via IAM and resource policies.
-
Phishing websites: How do they work?
In this post we’ll discuss the phishing phenomenon, reverse engineer a real phishing website and discuss how you can stay safe from phishing attempts.
-
Securing EC2 Instance Metadata in AWS
In this post we will discuss the security pitfalls of the EC2 Instance Metadata Service (IMDS) version 1, identifying it’s use within your AWS account(s), remediation steps and future predictions.