The Most Efficient Way to Secure Your Cloud Environment and Reduce MTTR: The Benefit of Black Box Attack Path Analysis And Thinking Like an Attacker

By: Luke Tucker
Jan 11, 2023

Digesting vast amounts of data stored on modern data platforms such as a graph database is a primary benefit of true cloud attack path analysis. This is called contextual cloud security at scale. And it’s the key to noise reduction, improvement in...

What Is a Cloud-Native Application Protection Platform (CNAPP)? Four Must-Have Features

By: Panoptica Team
Dec 20, 2022

Cloud security is a giant field for good reason: 77% of CIOs say their IT environment changes once every minute or less. As you can imagine, the dynamic nature of cloud computing makes preventing, detecting and fixing vulnerabilities ...

AWS ECR Public Vulnerability

By: Gafnit Amiga
Dec 13, 2022

Executive Summary: I discovered a critical AWS Elastic Container Registry Public (ECR Public) vulnerability that allowed external actors to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong t...

Protect Your Cloud-Native Apps from Common Security Failures

By: Tricia Nagar
Dec 6, 2022

The shift to cloud-native app development on Kubernetes is in full force. Today, cloud-native has become the strategy of choice in the software industry. There are plenty of reasons the industry prefers cloud-native software development over l...

What is an SBOM (Software Bill of Materials)?

By: Panoptica Team
Dec 5, 2022

Understand why SBOMs are vital as part of covering your cloud estate and better securing your environments. What is an SBOM? SBOM, or the Software Bill of Materials, is the inventory package that comprises the different software components ...

58 Cloud Security Terms You Need to Know for 2023

By: Panoptica Team
Nov 30, 2022

Cloud security is broad and complex by nature – but it comes with a lot of specific terms and acronyms. That’s why we put together this continuously growing glossary of cloud security terms. Use this as a guide to help you unravel the nuance...

An Open-Source Antidote for a Growing Problem: API Security

By: Brianna Blacet
Nov 29, 2022

In an effort to support continuous development and release of new features at the lightning speed of today’s market, forward-looking organizations have been moving to cloud-native architectures in droves. The reasons are obvious: these decentraliz...

Undisclosed OpenSSL vulnerability: Free scripts for target scoping

By: Jonathan Rau
Oct 31, 2022

Tomorrow is “patch Tuesday” and it's a notable one. The OpenSSL project team announced last week that they will be releasing OpenSSL version 3.0.7, with a patch to fix a critical security vulnerability. Until the vulnerability details ...

What Is Graph Technology? What Can It Do?

By: Panoptica Team
Sep 22, 2022

Graph technology can help examine your data from a new perspective. Find out how graph technology may find previously unseen relationships in your data. What Is Graph Technology? Graph technology includes graph theory, graph analytics, and gra...

Azure Cloud Shell Command Injection Stealing User’s Access Tokens

By: Gafnit Amiga
Sep 20, 2022

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’...