Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/doyensec/cloudsec-tidbits

Blogpost series showcasing interesting cloud - web app security bugs
aws cloudsecurity terraform


README

# .: CloudSec Tidbits :.

![cloudsectidbit-logo200](https://user-images.githubusercontent.com/6027823/196643035-3e837401-0781-4d54-9017-358f81e9022e.png)

CloudSec Tidbits is a blogpost series showcasing interesting bugs found by Doyensec during cloud security testing activities.
We’ll focus on times when the cloud infrastructure is properly configured, but the web application fails to use the services correctly.

Each blogpost will discuss a specific vulnerability resulting from an insecure combination of web and cloud related technologies. Every article will include an Infrastructure as Code (IaC) laboratory that can be easily deployed to experiment with the described vulnerability.

### Available episodes:

- [Tidbit #1 - The Danger of Falling to System Role in AWS SDK Client](https://blog.doyensec.com/2022/10/18/cloudsectidbit-dataimport.html)
- [Tidbit #2 - Tampering User Attributes In AWS Cognito User Pools](https://blog.doyensec.com/2023/01/24/tampering-unrestricted-user-attributes-aws-cognito.html)
- [Tidbit #3 - Messing around with AWS Batch For Privilege Escalations](https://blog.doyensec.com/2023/06/13/messing-around-with-aws-batch-for-privilege-escalations.html)


This project was made with love in [Doyensec Research island](https://doyensec.com/research.html).

![alt text](https://doyensec.com/img/logo.svg "Doyensec Logo")