The Security Benefits of Infrastructure as Code
We have developed and delivered new ways to deliver infrastructure quickly and without these misconfigurations. Prevention is the only cure; we’ll talk about how you can implement this today.
AWS
OIDC for GitHub Actions
At Cloud Security Partners, we perform a lot of code reviews and Cloud Security Assessments. During these engagements, we see many different CI/CD patterns that cause us to raise our eyebrows. One situation in particular that we encounter relatively often is the unsafe use of AWS credentials. The CIS
Our Support For Cloudsplaining
We’re proud to announce that Cloud Security Partners will be forking and maintaining Cloudsplaining, the popular cloud IAM tool. Open source and giving back to the community are very important to us and something we try to do often via contributions and free training!
The cloud security community has
Gen AI Security: An Introduction and Resource Guide
Like many industries, Artificial Intelligence has taken the security industry by storm. Security practitioners now are faced with the challenge of understanding new classifications of threats and new techniques of attack. Threat Actors are utilizing AI to improve their attacks, while also exploiting AI services. AI and Generative AI utilize
LASCON Recap - Infrastructure as Code
Recently, we had the privilege of participating in and sponsoring the Lonestar Application Security Conference (LASCON). Our CEO, Michael McCabe, and Ken Toler delivered a training session and a talk on exploiting Terraform for remote code execution; both received a fantastic turnout. In between operating our booth, we had the
RDS Revealed? Time to Give It Some Shade!
By: John Poulin
At Cloud Security Partners, we have audited thousands of customer AWS accounts as part of our security reviews. Across our customers, roughly 5% of the AWS Relational Database Service (RDS) instances we analyze are publicly accessible. A general rule of thumb across the security industry is that
The Hidden Dangers of Using Terraform's Remote-Exec Provisioner
Terraform is a powerful infrastructure as code tool that can support multi-cloud deployments. Terraform provides consistent and reliable deployments for cloud infrastructure. But as with every tool there are hidden dangers built-in we need to check for!
The remote-exec provisioner in Terraform can be a valuable tool, providing the ability