How TablePlus survived a DDoS attack at zero cost by using Cloudflare R2 instead of AWS S3. The same attack on AWS would have cost $650+ in bandwidth charges. …
Real-world mistakes and hard lessons from implementing least privilege in cloud, from treating it as binary to lacking rollback mechanisms in automation. …
Lesser-known AWS WAF limitations from production experience: 8 KB body inspection limit, inflexible rate-limiting, sensitive header logging, and more. …
Key takeaways from AWS re:Inforce 2023, covering zero trust, data security, incident response, and new launches like CodeGuru Security, Security Lake, and Bedrock. …
Verifying a domain in AWS SES lets any IAM user with SES permissions spoof emails from any address on that domain. Here's the risk and how to fix it. …
A year of production experience with Cloud Custodian. Its strengths in real-time detection and auto-remediation, and its pain points in docs and multi-account setup. …
If you listen to anyone discussing AWS security, you have probably heard about Amazon GuardDuty. It's an intelligent "threat detection" service from AWS. Should you enable GuardDuty? I hope you'll be closer to your answer by the end of this blog post. …
CloudQuery and Steampipe have very similar functionality. The actual difference is in the way they work and the problems they solve. This blog post compares the two tools and helps you answer the question: What should I use - CloudQuery or Steampipe? …
Lessons from testing AWS WAF Bot Control with 10M+ weekly requests. It can double your WAF bill and is easily bypassed with a valid browser User-Agent. …
There are so many resources around domain and subdomain takeovers, but none around how to eliminate this bug class. In this blog post, I will walk you through the (sub)domain takeover bug class, the different types of takeovers, and finally the mitigations. …