misconfiguration
Safeguard articles tagged "misconfiguration" — guides, analysis, and best practices for software supply chain and application security.
23 articles
Insecure defaults in Azure ARM templates: a pre-deployment scanning guide
Azure Resource Manager templates don't enforce TLS 1.2 or block public blob access by default — here's how to catch it before terraform apply's Azure cousin ever runs.
Exposed .git Directories and the Git Internals That Leak Your Source
Roughly 4.96 million IPs expose .git metadata today, and over 252,000 leak live credentials in .git/config — a 2018-era bug that never went away.
The S3 bucket security hardening checklist
AWS blocked public access by default in April 2023, yet misconfigured buckets still leak data — here's a concrete checklist and Terraform to close the gaps.
The most common AWS misconfigurations in 2026, with detection commands
Public S3 buckets, wildcard IAM policies, and 0.0.0.0/0 security groups remain the top three AWS findings — here's how to detect each with native tools.
AWS secure REST API vs. S3: where shared responsibility actually splits
S3 buckets are private by default — every public leak is a customer misconfiguration. Capital One's 2019 breach of 106 million records proves the boundary.
Common Configuration Scoring System (CCSS) explained
NIST published CCSS in December 2010 to score misconfigurations the way CVSS scores bugs — most cloud teams have never applied it.
The S3 bucket security checklist every AWS team needs
AWS made Block Public Access the default for new S3 buckets in April 2023 — but the Capital One breach exposed 106 million records through IAM, not a bucket setting.
The most common infrastructure-as-code security risks, with Terraform examples
AWS S3 buckets are private by default, yet public-bucket findings still top every cloud posture scan — because Terraform's own access-block resource defaults to open.
Cloud Security for Beginners: Your First Steps in the Cloud
The cloud gives you enormous power with a few clicks, and that includes the power to expose data by accident. Here is a warm, beginner-friendly guide with a first check you can run on your own account today.
Cloud Misconfiguration Prevention: Stop Breaches Before They Ship
Misconfiguration is the leading cause of cloud breaches, and it has no CVE and no patch. Here's a taxonomy of the common ones and a shift-left playbook to prevent them.
What Is Infrastructure as Code (IaC) Security?
Infrastructure as Code (IaC) security is the practice of scanning and hardening the machine-readable files that define your cloud infrastructure — before they provision anything. Here's how it catches misconfigurations at the source.
How to secure an Amazon S3 bucket
S3 misconfigurations have caused breaches from Verizon to Pegasus Airlines. Here's what actually secures a bucket—defaults, policies, encryption, and monitoring that hold.