Why you should not trust the cloud WAF? Introduction & Objective A web application firewall (WAF) or WAF appliance provides security by operating through an application or service thus blocking malicious calls, inputs, and outputs that do not meet the policy of a firewall. …

Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication. How does Amazon SNS work? It is very easy to get started with Amazon SNS. Developers must first create a “topic” which is an “access point” — identifying a specific…

This guide talks about setting up the Clair scanner and performs scans on vulnerable DVWA container. Also now it is possible to perform a hands-on demo on katacoda. You can run the demo on Katacoda. For running the demo visit https://www.katacoda.com/justmorpheus Setting up Clair server or using locally. CoreOs Clair https://github.com/coreos/clair Clair-scanner https://github.com/arminc/clair-scanner

Manual security scanning is very time consuming and we can leverage headless Burp Suite to perform the scanning and get the results uploaded in the Google Drive directly via Pydrive Module in Python. This automation uses Burp Suite Pro along with Robot Framework and REST API using Python3. …

Installation of GCP Inspector and basics about enumerating publicly exposed GCP buckets. While playing Thunder CTF I created a simple python tool that can audit publicly accessible GCP storage buckets. Thunder CTF allows players to practice attacking vulnerable cloud projects on the Google Cloud Platform (GCP) environment. …