Stratum's own Jared Perry gave a great talk at Code Europe in 2022. They posted the video today. Jared's perspective is based on performing hundreds of cloud security assessments for Stratum's customers. This is a great talk by someone who has a TON of experience poking around in a TON

Stratum performs an ever-increasing number of AWS security assessments for our customers from large to small. These deep-dive assessments help identify deficiencies within the customer's AWS configuration and processes that may expose the customer to risk. Example findings include specific configuration vulnerabilities such as overly permissive security groups, IAM privilege

Not a lot has changed in recent years with the security of HTTP cookies. As web application security testers, we have been performing a pretty standard set of tests in this area, including a check for two well-known cookie flags, HttpOnly and Secure. Recently, at Stratum Security we started adding

This is Part 4 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and never lost a customer (that we know of) due to any cloud security concerns. In a traditional data center, network security plays a huge role in how you

This is Part 3 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and never lost a customer (that we know of) due to any cloud security concerns. When we set up shop in AWS we ran through different risk models to

This is Part 2 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and never lost a customer (that we know of) due to any cloud security concerns. In a traditional data center there are controls to prevent someone from turning off