Tag: cloud-security

Cloud WAF Rule Tuning: Reducing False Positives Without Disabling Protection
WAF false positives that block legitimate users are treated as outages by the business — tune in count mode before enforce mode, or you will disable the WAF under pressure.

GCP Service Account Key Sprawl: Managing the Credentials You Forgot Existed
GCP service account keys that are never rotated are effectively permanent credentials — every key that exists is an attack surface that should ideally not exist.

S3 Bucket Policy Mistakes That Exposed Data: A Post-Incident Analysis
S3 Block Public Access at the account level is the single highest-leverage control for preventing accidental data exposure — but it is off by default in older AWS accounts.

AWS IAM Privilege Escalation: The Paths Attackers Actually Use
IAM privilege escalation in AWS rarely requires compromising an admin account — over 20 documented paths allow escalation from low-privilege users through policy misconfiguration.
