cloud-security
Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.
290 articles
Cloud-to-Code Traceability: Connecting Production Inciden...
When a production alert fires, it names an IP or image hash—rarely a commit or author. Here's why that gap exists and how to close it fast.
The Acquisition Pattern Behind AppSec's Runtime Visibilit...
From Cider Security to the $32B Google-Wiz deal, AppSec acquirers keep paying for one thing: runtime visibility into what code actually does in production.
Why Hyperscaler Partnerships Are Becoming Table Stakes fo...
Google's ~$32B Wiz deal signaled it: hyperscaler marketplaces, partner programs, and native tooling now shape how AppSec buying actually happens.
Kubernetes Security Breaches: What Actually Happened in Real Incidents
Real Kubernetes security breaches rarely start with an exotic zero-day — exposed dashboards, misconfigured RBAC, and default credentials show up again and again.
Encryption Services: Managed vs Self-Hosted
Choosing between a managed key management service and a self-hosted encryption stack comes down to who you trust to hold the keys and who you trust to patch the software.
AWS Service-Linked Role Abuse Techniques, 2025
Service-linked roles are the soft underbelly of AWS IAM. We catalogue the 2024-2025 abuse primitives and the detection queries that catch them.
Cloud Application Security Best Practices
Five layers cover most of the risk in cloud apps: identity, secrets, artifact scanning, pipeline gates, and runtime guardrails. Here is how to build each one without slowing delivery.
AWS Security Breaches: Lessons Learned From Real Incidents
Most AWS security breach postmortems trace back to a small set of repeating misconfigurations — public S3 buckets, overprivileged IAM roles, exposed credentials — not novel attacks on AWS itself.
AWS Security Tools: Native Services vs Third-Party Platforms
GuardDuty, Inspector, and Security Hub cover a lot of ground — but they stop at the AWS account boundary. Here is where native AWS security tools genuinely suffice and where third-party platforms earn their cost.
Cloud Workload Protection Platforms in 2024: What Actually Matters
Cutting through the CWPP marketing noise to identify the capabilities that genuinely protect cloud workloads from modern threats.
SSRF Examples and How They're Actually Exploited
Real SSRF examples, from cloud metadata theft to internal port scanning, showing exactly how a server-side request forgery bug gets turned into a full compromise.
Prisma Cloud Container Security: Palo Alto's Cloud Native Play
A review of Prisma Cloud's container and cloud workload security features, covering image scanning, runtime protection, compliance, and the Twistlock heritage.