AWS security news, help and research

AWS security News

May 06, 2021 06 May'21
Popular mobile apps leaking AWS keys, exposing user data

Security researchers at CloudSek discovered approximately 40 popular mobile apps contained hardcoded API secret keys, putting both user information and corporate data at risk.
April 01, 2020 01 Apr'20
AWS security options grow with Amazon Detective

AWS has released Amazon Detective, a managed threat hunting service that generates visualizations out of log data from native Amazon Web Services.
December 31, 2019 31 Dec'19
AWS month in review: An AWS re:Invent recap of overlooked roll outs

It's almost impossible to keep up with all the services and capabilities AWS trots out for its annual re:Invent conference. Catch up on Amazon cloud updates you missed with this AWS re:Invent recap.
August 05, 2019 05 Aug'19
Capital One hack highlights SSRF concerns for AWS

Infosec pros warn of server-side request forgery vulnerabilities in AWS following the Capital One data breach, which may have revealed an issue regarding the AWS metadata service.

Bring yourself up to speed with our introductory content

Amazon Trust Services

Amazon Trust Services is a certificate authority created and operated by Amazon Web Services. Continue Reading
Amazon Cognito

Amazon Cognito is an Amazon Web Services product that controls user authentication and access for mobile applications on internet-connected devices. Continue Reading
When should you use AWS IAM roles vs. users?

Access management is critical to securing the cloud. Understand the differences between AWS IAM roles and users to properly restrict access to AWS resources. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

AWS security groups vs. network ACLs and other AWS firewalls

Protect your AWS cloud environment with these Amazon firewall services. Learn how security groups and network ACLs work, along with other key AWS firewall options. Continue Reading
AWS acquisitions continue with focus to build on core services

Explore what AWS' recent IT purchases say about the cloud vendor's overall acquisition strategy and why it likes to make the smaller deals instead of any big splash. Continue Reading
AWS WebSocket support ushers in real-time serverless features

The WebSockets vs. HTTP debate has changed for AWS users. With WebSocket support for Amazon API Gateway, users can build serverless applications that can communicate instantaneously. Continue Reading

Learn to apply best practices and optimize your operations.

Cloud security policy configuration in AWS, Azure and GCP

Explore cloud security policy configurations in AWS, Azure and GCP using native security tools in this excerpt of 'Multi-Cloud Architecture and Governance' by Jeroen Mulder. Continue Reading
4 tips for proper cyber hygiene during the remote workforce era

IT services firms have a responsibility to secure their clients' remote workforces. Here are four tips for maintaining cyber hygiene in the cloud, using AWS as an example. Continue Reading
VPC security best practices and how to implement them in AWS

To best secure network access, AWS administrators need to create rules for network resources. Learn how to implement Amazon VPC security best practices in this book excerpt. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Hands-on guide to S3 bucket penetration testing

Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
How to handle Amazon S3 bucket pen testing complexity

Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers. Continue Reading
AWS should address these key challenges at re:Invent 2019

AWS has flooded its catalog with services, but enterprises still struggle with the gaps that remain. Find out which pain points cloud experts want AWS to address at re:Invent this year. Continue Reading