This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity.
Announcing the AWS blog post series
22 Feb 2015 – Loïc Simon
Starting this month, iSEC Partners will start a series of blog posts related to AWS. The goal of these blog posts will be to:
- Discuss common security gaps in AWS environments
- Discuss common security gaps in the architecture of applications deployed in the cloud
- Describe methods and tools used to identify these security gaps
- Share tools and scripts that facilitate daily and secure work with AWS
- Share AWS policies that help improve the security posture of AWS environments
To share material, iSEC created a new public AWS-recipes repository on GitHub. The tools and policies shared in this repository will be discussed and explained in dedicated blog articles.
Because iSEC has been assessing the security of clients’ AWS environments for several years, we have a number of ideas and articles in the pipe awaiting to be written and published. Without further ado, we will start this series with articles that discuss Identity and Access Management (IAM) common issues and best practices, and will present a strategy to improve one’s security posture when using AWS.