The Leader in Cloud Security Research

Our expert security research team discovers and analyzes cloud risks and vulnerabilities to strengthen the Orca platform and promote cloud security best practices. The Orca Research Pod has discovered 15+ major vulnerabilities on public cloud platforms which were subsequently fixed, and continually analyzes the security of public cloud assets being scanned by the Orca platform, and observes attacker tactics and techniques in the wild.

In The News

Top 5 cloud security risks and best countermeasures

May 19, 2023

Azure admins warned to disable shared key access as backdoor attack detailed

Apr 11, 2023

Microsoft Patches ‘Dangerous’ RCE Flaw in Azure Cloud Service

Mar 30, 2023

Featured Research

The Top 5 Cloud Security Risks of 2023 (so far)

May 18, 2023

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

May 09, 2023

2022 State of Public Cloud Security Report Reveals Critical Cloud Security Gaps

Sep 13, 2022

Discovered Vulnerabilities

18 Posts

Critical cloud infrastructure vulnerabilities discovered by the Orca Research Pod.

‘Orca Watch’ Series

15 Posts

Blog series that discusses trends and new risks as seen on the Orca platform.

Technical Deep Dives

14 Posts

In-depth, technical articles on cloud security and recommended best practices.

Latest from the Orca Research Pod

Discovered Vulnerabilities

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Apr 11, 2023

Discovered Vulnerabilities

Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

Mar 30, 2023

Amazon Web Services (AWS)

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

Mar 09, 2023

‘Orca Watch’ Series

Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks

Mar 08, 2023

‘Orca Watch’ Series

Five Things You Need to Know About Malware on Storage Buckets

Mar 02, 2023

See All Posts

Cloud Risk Encyclopedia

Search 2000+ cloud security risks or filter by cloud vendor, compliance framework, risk category, and criticality. 5 cloud platforms. 100+ compliance frameworks. 18 risk categories. 4 risk levels.

Learn more

The Leader in Cloud Security Research

In The News

Top 5 cloud security risks and best countermeasures

Azure admins warned to disable shared key access as backdoor attack detailed

Microsoft Patches ‘Dangerous’ RCE Flaw in Azure Cloud Service

Featured Research

The Top 5 Cloud Security Risks of 2023 (so far)

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

2022 State of Public Cloud Security Report Reveals Critical Cloud Security Gaps

Categories

Discovered Vulnerabilities

‘Orca Watch’ Series

Technical Deep Dives

Latest from the Orca Research Pod

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks

Five Things You Need to Know About Malware on Storage Buckets

Cloud Risk Encyclopedia

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS