Blog

Filtering on: Cloud security

• Package managers

  Security Cloud security April 17, 2019

  Over the past few weeks we’ve been talking a lot internally at Jemurai about how package managers and the code repositories we use (often what people think of as open source) affect our security.

  Read More

• Announcing securityprogram.io

  Security Cloud security March 29, 2019

  At Jemurai, we do a lot of custom projects building and breaking things and helping teams build more secure code.

  Read More

• Exploring CloudTrail

  Security Cloud security March 25, 2019

  We had a customer ask us to dig for some indicators of compromise in their AWS account. We are already using our JASP tool to help them to check security configurations in general, so we took the opportunity to formalize some of what we’re doing into a tool which we plan to open source once we clean it up. This post presents some of the types of things that are challenging to just check in JASP and how we’re thinking about the tool.

  Read More

• Sharing Files with S3 Safely

  Security Cloud security March 15, 2019

  It seems to me like back in the day, all the companies we worked with shared files with FTP. Remember FTP? A surprising number of enterprise integrations patters depended on FTP and eventually SFTP.

  Read More

• JASP Check Deep Dive: Redshift

  Cloud security Jasp November 30, 2018

  Redshift is Amazon’s data warehousing solution.  Here’s how they describe it on its promo page:

  Read More

• JASP Check Deep Dive: S3

  Cloud security Jasp November 08, 2018

  It is very common to find Amazon S3 buckets misconfigured. We found one in a pen test this week.

  Read More

• JASP Check Deep Dive: ECR

  Application security Cloud security Jasp October 31, 2018

  As we build JASP, we’re brainstorming and learning about security (so far, primarily in AWS).  This is the first in a series of “Check Deep Dive” posts that talk about things we are checking for in JASP.  It seems like an interesting area to share information.  Incidentally, we’re also going to post more meta posts about the Jemurai and JASP journey.

  Read More

• JASP Dashboards

  Cloud security Jasp October 30, 2018

  JASP is a platform for security automation.  We currently focus on monitoring AWS environments for potential security issues.

  Read More

• Learn From AWS Security Expert, Aaron Bedra

  Cloud security April 20, 2018

  Our Chief Scientist, Aaron Bedra, will be on the road over the next month speaking at a few conferences. Most of his talks will involve around AWS Security and security for developers.

  Read More