This roadmap was built by security experts to provide a vendor agnostic Zero Trust architecture and example implementation timeline.

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications' attack surface.

A vulnerability that allowed external actors to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS Accounts, by abusing undocumented internal ECR Public API actions.

Google released OSV-Scanner, a free tool that gives open source developers easy access to vulnerability information relevant to their project.

Understand how an attacker can leverage Redshift default permissions to perform lateral movement and privilege escalation.

A post presenting an unusual way of Cache Poisoning which happens between Akamai and Amazon S3 Buckets.

How DoorDash built a secure data transfer to a new payment processing vendor by establishing a private network link using AWS Direct Connect.

The Splunk Threat Research Team shares a closer look at the telemetry available in Azure, AWS and GCP and the options teams have to ingest this data into Splunk.

A signature is only useful if consumers verify it correctly. One common failure mode is to verify that some software was signed, but not check who signed it.

Kubernetes v1.26 will see some security-related improvements, like signing release artifacts with cosign, and the introduction of CEL (Common Expression Language) to make admission controllers easier to develop.

A Server Side Request Forgery (SSRF) protection library. You can also refer to the companion blog post.

ima.ge.cx is a site that allows you to inspect the contents of Docker images.

YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware.

Find outdated or deprecated Helm charts running in your cluster.

GitHub report is a simple tool that collects data from repositories and send them to a dedicated Slack channel as a weekly feed.

A kubectl plugin to visualize Kubernetes resources and relationships.

Starting in April 2023, S3 will introduce two new default bucket security settings by automatically enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new S3 buckets. There is no change for existing buckets.

Post presenting a configuration driven dynamic CI/CD solution per repository.

Security Hub is aiming to release two new features in the first quarter of 2023 that will decouple controls from standards and streamline how you view and receive control findings.

A whitepaper demonstrating the level of security review and threat modelling any Google product goes through.

Introduces the building blocks of reliability in Google Cloud, and provides architectural recommendations to design reliable infrastructure for your cloud workloads.