iam
Safeguard articles tagged "iam" — guides, analysis, and best practices for software supply chain and application security.
36 articles
The AWS migration security checklist: IAM, encryption, and network segmentation
A misconfigured WAF and an over-permissioned IAM role exposed 106 million records in 2019 — here's the checklist that prevents a repeat during your AWS migration.
The AWS misconfiguration cheat sheet: public S3, open IAM, and open security groups
Three misconfigurations — public S3 buckets, over-permissioned IAM roles, and 0.0.0.0/0 security groups — keep causing breaches. Here's the CLI to find and fix each one.
The 2026 AWS Security Checklist: Account, IAM, Network, and Data Controls
One SSRF call against an unpatched WAF and a permissive IAM role were enough to expose 106 million Capital One records in 2019 — here's the checklist that stops it.
The most common AWS misconfigurations in 2026, with detection commands
Public S3 buckets, wildcard IAM policies, and 0.0.0.0/0 security groups remain the top three AWS findings — here's how to detect each with native tools.
Why Cloud Security Outcomes Depend on Developers, Not Gatekeepers
Gartner projected 99% of cloud security failures through 2025 would be the customer's fault — the fix is guardrails developers own, not a central team reviewing after the fact.
Secure-by-design principles for cloud architecture: prevention over detection
The 2019 Capital One breach hit 700+ S3 buckets through one SSRF call. Secure-by-design architecture stops that path before it exists.
The most common cloud misconfigurations, and the queries that catch them
Cloud misconfiguration was the initial attack vector in 15% of breaches in IBM's 2024 study — tied with phishing. Here are the six patterns and the queries to find them.
Detecting and remediating Terraform and CloudFormation drift
Terraform's own drift check can return an ambiguous exit code — here's how declared IaC state quietly diverges from live cloud resources, and how to catch it.
The AWS Shared Responsibility Model, Explained With Real Examples
AWS secures the cloud; you secure what's in it. Most breaches — like the thousands of exposed public S3 buckets found every year — happen entirely on the customer's side of that line.
High-profile AWS breaches: lessons learned
Capital One's 2019 breach exposed 106 million records through a single SSRF call to the EC2 metadata service — here's the exact control that would have stopped it.
The S3 bucket security checklist every AWS team needs
AWS made Block Public Access the default for new S3 buckets in April 2023 — but the Capital One breach exposed 106 million records through IAM, not a bucket setting.
What Is Privilege Escalation? A 2026 Explainer
Privilege escalation is how a limited foothold becomes full control. This explainer covers vertical vs. horizontal paths across Linux, containers, and cloud IAM.