Safeguard
Tag

misconfiguration

Safeguard articles tagged "misconfiguration" — guides, analysis, and best practices for software supply chain and application security.

23 articles

Cloud Security

Insecure defaults in Azure ARM templates: a pre-deployment scanning guide

Azure Resource Manager templates don't enforce TLS 1.2 or block public blob access by default — here's how to catch it before terraform apply's Azure cousin ever runs.

Jul 16, 20267 min read
Application Security

Exposed .git Directories and the Git Internals That Leak Your Source

Roughly 4.96 million IPs expose .git metadata today, and over 252,000 leak live credentials in .git/config — a 2018-era bug that never went away.

Jul 15, 20266 min read
Cloud Security

The S3 bucket security hardening checklist

AWS blocked public access by default in April 2023, yet misconfigured buckets still leak data — here's a concrete checklist and Terraform to close the gaps.

Jul 14, 20267 min read
Cloud Security

The most common AWS misconfigurations in 2026, with detection commands

Public S3 buckets, wildcard IAM policies, and 0.0.0.0/0 security groups remain the top three AWS findings — here's how to detect each with native tools.

Jul 12, 20266 min read
Cloud Security

AWS secure REST API vs. S3: where shared responsibility actually splits

S3 buckets are private by default — every public leak is a customer misconfiguration. Capital One's 2019 breach of 106 million records proves the boundary.

Jul 8, 20267 min read
Cloud Security

Common Configuration Scoring System (CCSS) explained

NIST published CCSS in December 2010 to score misconfigurations the way CVSS scores bugs — most cloud teams have never applied it.

Jul 8, 20266 min read
Cloud Security

The S3 bucket security checklist every AWS team needs

AWS made Block Public Access the default for new S3 buckets in April 2023 — but the Capital One breach exposed 106 million records through IAM, not a bucket setting.

Jul 8, 20267 min read
Cloud Security

The most common infrastructure-as-code security risks, with Terraform examples

AWS S3 buckets are private by default, yet public-bucket findings still top every cloud posture scan — because Terraform's own access-block resource defaults to open.

Jul 8, 20266 min read
Guides

Cloud Security for Beginners: Your First Steps in the Cloud

The cloud gives you enormous power with a few clicks, and that includes the power to expose data by accident. Here is a warm, beginner-friendly guide with a first check you can run on your own account today.

Jul 4, 20266 min read
Cloud Security

Cloud Misconfiguration Prevention: Stop Breaches Before They Ship

Misconfiguration is the leading cause of cloud breaches, and it has no CVE and no patch. Here's a taxonomy of the common ones and a shift-left playbook to prevent them.

Jul 3, 20265 min read
Concepts

What Is Infrastructure as Code (IaC) Security?

Infrastructure as Code (IaC) security is the practice of scanning and hardening the machine-readable files that define your cloud infrastructure — before they provision anything. Here's how it catches misconfigurations at the source.

Jul 2, 20266 min read
Application Security

How to secure an Amazon S3 bucket

S3 misconfigurations have caused breaches from Verizon to Pegasus Airlines. Here's what actually secures a bucket—defaults, policies, encryption, and monitoring that hold.

Jun 20, 20268 min read
misconfiguration — Safeguard Blog