Blog
Filtering on: Cloud security
-
October securityprogram.io Update
Our team has been crushing it on our https://securityprogram.io platform. We’re building neat features, and our customers are getting a lot out of it. I’m hoping we can release some of the case studies we’re working on soon! This post describes some of the recent advances in the tool.
-
Ransomware 101
We’ve seen a number of small and larger companies in our network targeted by ransomware in recent weeks so it seemed worth diving into some detail to talk about this topic - which I believe is a clear and present danger for companies of all sizes, including Jemurai!
-
Cloud Security In Real Life
We’re doing a fair number of cloud security assessments. This post will talk a bit about what we have found and some common ideas that seem to apply across them.
-
September securityprogram.io Update
As many of you know, we’ve been working hard on our security platform at https://securityprogram.io. This post provides a periodic update around what is going on with the product.
-
Using Github Pull Request Templates and Checks to Implement Security Checklists
This blog post will show one way to build security checklists into your code review and pull request flows in GitHub.
-
Ginkgo for BDD Infrastructure Security Testing
Recently I’ve been working on a series of unit tests in Ginkgo (a popular BDD testing framework for Golang) and thought it might make for an interesting point of reference.
-
The Not Insecure Podcast
Folks on the Jemurai team recently started a podcast in which they talk about security, and some of the challenges of building a secure security product! We thought it would be clever to call it Not Insecure.
-
Vendor Management
This post talks about the do’s and don’ts of implementing a vendor management program.
-
Jemurai and OSS
Today we added a section to our website to highlight open source software that we have been working on.
-
Update on SecurityProgram.io
In late March we announced our new offering securityprogram.io. In this post we want to provide an update around what we’ve been working on through May and how it works.
-
User Auditing with GAA
If you read the story about Samsung exposing SmartThings and AWS keys in code, which I came across through a Philippe De Ryck twitter post this AM, you might wonder how on earth those repositories came to be public. It turns out, that’s not that uncommon - and we wrote an open source tool to help clients work through this issue. This post introduces the tool and approach.
-
Encrypting Large Files
We have a client that is doing interesting data science that depends on processing very large files (100GB) that are also transferred between parties.
-
Package managers
Over the past few weeks we’ve been talking a lot internally at Jemurai about how package managers and the code repositories we use (often what people think of as open source) affect our security.
-
Announcing securityprogram.io
At Jemurai, we do a lot of custom projects building and breaking things and helping teams build more secure code.
-
Exploring CloudTrail
We had a customer ask us to dig for some indicators of compromise in their AWS account. We are already using our JASP tool to help them to check security configurations in general, so we took the opportunity to formalize some of what we’re doing into a tool which we plan to open source once we clean it up. This post presents some of the types of things that are challenging to just check in JASP and how we’re thinking about the tool.
-
Sharing Files with S3 Safely
It seems to me like back in the day, all the companies we worked with shared files with FTP. Remember FTP? A surprising number of enterprise integration patterns depended on FTP and eventually SFTP.
-
JASP Check Deep Dive: Redshift
Redshift is Amazon’s data warehousing solution. Here’s how they describe it on its promo page:
-
JASP Check Deep Dive: S3
It is very common to find Amazon S3 buckets misconfigured. We found one in a pen test this week.
-
JASP Check Deep Dive: ECR
As we build JASP, we’re brainstorming and learning about security (so far, primarily in AWS). This is the first in a series of “Check Deep Dive” posts that talk about things we are checking for in JASP. It seems like an interesting area to share information. Incidentally, we’re also going to post more meta posts about the Jemurai and JASP journey.
-
JASP Dashboards
JASP is a platform for security automation. We currently focus on monitoring AWS environments for potential security issues.
-
Learn From AWS Security Expert, Aaron Bedra
Cloud security, April 20, 2018. Our Chief Scientist, Aaron Bedra, will be on the road over the next month speaking at a few conferences. Most of his talks will revolve around AWS security and security for developers.