The Future of Cloud Access Management: How Tenable Cloud Security Redefines Just-in-Time Access
Traditional approaches to cloud access rely on static, permanent permissions that are often overprivileged. Learn how just-in-time access completely changes the game. The access challenge in modern cloud environments: As cloud adoption accelerates, organizations are grappling with a fundamental security challenge: How do you grant people the access they need — such ...
Creating Elegant Azure Custom Roles: Putting NotActions into Action!
Creating custom Roles in Azure can be a complex process that may yield long and unwieldy Role definitions that are difficult to manage. However, it doesn’t have to be that way. Read on to learn how you can simplify this process using the Azure “NotActions” and “NotDataActions” attributes, and create ...
New AWS Control Policy on the Block
AWS has released an important new feature called Resource Control Policies (RCPs) that allows you to apply permission boundaries around resources at scale. Read on to learn what RCPs are all about and how to use them, as well as how Tenable Cloud Security already factors them into its analysis. AWS ...
Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF
New CNAPPgoat scenario makes experimentation easy by triggering calls to AWS services from an EC2 instance exposed to SSRF. The post Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF appeared first on Ermetic ...
Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF
New CNAPPgoat scenario makes experimentation easy by triggering calls to AWS services from an EC2 instance exposed to SSRF. The post Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF appeared first on Tenable Cloud Security ...
What’s New with CNAPPgoat?
Read about the newest, expanded features in Ermetic’s open source vulnerable-by-design tool for enhancing your security skills. The post What’s New with CNAPPgoat? appeared first on Ermetic ...
The Azure Metadata Protection You Didn’t Know Was There
Some Azure services have an additional, not widely known, protection mechanism against session token exfiltration. The post The Azure Metadata Protection You Didn’t Know Was There appeared first on Ermetic ...
The Next Step in the IMDSv1 Redemption Journey
Learn about AWS’s new open source library for enforcing IMDSv2 and Ermetic’s new lab for trying it out. The post The Next Step in the IMDSv1 Redemption Journey appeared first on Ermetic ...
CNAPPgoat: The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources
All about CNAPPgoat, our open-source project designed to modularly provision vulnerable-by-design components in cloud environments. The post CNAPPgoat: The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources appeared first on Ermetic ...
The Default Toxic Combination of GCP Compute Engine Instances
By default, compute instances in GCP are prone to a toxic combination that you should be aware of and that you can avoid and fix. The post The Default Toxic Combination of GCP Compute Engine Instances appeared first on Ermetic ...

