Research Pod Archives | Page 7 of 10

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

Amazon Web Services

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

We're excited to announce the release of our new free community cloud security tool IAM AWS Policy Evaluator (IAM APE),...

Tohar Braun

Mar 09, 2023

Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks

‘Orca Watch’ Series

Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks

Wait, did you say ‘Cross-Cloud Provider Attacks’? Yes, this is actually a growing type of attack path: As organizations increasingly...

Deborah Galea Oren Margalit

Mar 08, 2023

Five Things You Need to Know About Malware on Storage Buckets

‘Orca Watch’ Series

Five Things You Need to Know About Malware on Storage Buckets

Cloud storage buckets, such as Amazon S3 Buckets, Azure Blob storage and GCP storage buckets, are a popular storage solution...

Bar Kaduri Deborah Galea

Mar 02, 2023

Cloud Native Security: OWASP Kubernetes Top 10

Research

Cloud Native Security: OWASP Kubernetes Top 10

As more organizations adopt containerized infrastructure, the need for effective security practices becomes increasingly important. Recently released by the OWASP...

Ido Nidbach

Jan 26, 2023

Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS

Research

Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS

Elastic IPs (EIPs) are public and static IPv4 addresses provided by AWS. EIPs can be viewed as a pool of...

Roi Nisimi

Jan 18, 2023

How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services

Discovered Vulnerabilities

How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services

As part of the Orca Research Pod efforts, we regularly research various cloud provider services and capabilities to help our...

Lidor Ben Shitrit

Jan 17, 2023

Unauthenticated SSRF Vulnerability on Azure Digital Twins Explorer

Discovered Vulnerabilities

Unauthenticated SSRF Vulnerability on Azure Digital Twins Explorer

In this blog we describe how we uncovered an SSRF Vulnerability in the Azure DigitalTwins Explorer service, allowing any unauthenticated...

Lidor Ben Shitrit

Jan 17, 2023

Unauthenticated SSRF Vulnerability on Azure Functions

Discovered Vulnerabilities

Unauthenticated SSRF Vulnerability on Azure Functions

In this blog we describe how we uncovered an SSRF Vulnerability in Azure Functions allowing any unauthenticated user to request...

Lidor Ben Shitrit

Jan 17, 2023

Authenticated SSRF Vulnerability on Azure API Management Service

Discovered Vulnerabilities

Authenticated SSRF Vulnerability on Azure API Management Service

In this blog we describe how we uncovered an important Server-Side Request Forgery (SSRF) Vulnerability on Azure API Management Service,...

Lidor Ben Shitrit

Jan 17, 2023

Research Pod

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks

Five Things You Need to Know About Malware on Storage Buckets

Cloud Native Security: OWASP Kubernetes Top 10

Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS

How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services

Unauthenticated SSRF Vulnerability on Azure Digital Twins Explorer

Unauthenticated SSRF Vulnerability on Azure Functions

Authenticated SSRF Vulnerability on Azure API Management Service

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons