36 questions
0 votes, 2 answers, 62 views
Using Google Cloud Dataflow with a Custom Service Account, Pub/Sub, and Least Privilege
I want to run Dataflow jobs with a per-job dedicated custom service account.
Upon creation, the Dataflow job wants to create a new Pub/Sub subscription, on deployment, to use as the watermark tracking ...
0 votes, 0 answers, 73 views
Is it a bad practice for Amazon Cognito to keep the UserPoolId and ClientId hardcoded in the source code on the front end?
I would like to ask if there is any security misconfiguration in Amazon Cognito to store the UserPoolId and the ClientId hardcoded in the source code of a web page. Let's say that an unauthorized user ...
0 votes, 1 answer, 372 views
How To Give Access To Resources Behind A GCP VPC Perimeter?
I have recently set up a VPC Service Control policy in GCP. For all intents and purposes it works alright but I am having 2 problems. Both of these problems have to do with App Engine. Here are the 2 ...
0 votes, 1 answer, 523 views
Why can't security administrator see resources in a subscription?
I have Security administrator role on a subscription. Now, what I want to see is the resources available in the subscription to know the attack surface, but when I go to the resources tab, I see ...
1 vote, 1 answer, 61 views
Ensure that App Engine applications enforce HTTPS connections
I have to verify that the app.yaml file controlling the application contains a line which enforces secure connections. For example:
handlers:
- url: /.*
secure: always
redirect_http_response_code: ...
0 votes, 1 answer, 298 views
Are TsunamiSecurityScanner queries on Cloud Run instances an attack or Google check?
During the night, all my Cloud Run instances on the same project (there are Python and Node.js instances) received numerous requests with the tag TsunamiSecurityScanner (see attached image).
Is this ...
0 votes, 1 answer, 699 views
Unable to parse parameter: promoteorqurantineFunctionName
I'm deploying an Azure function app as a part of security implementation into and I'm getting the above-mentioned error as mentioned in the Title section. Here is the PowerShell script I am running
az ...
0 votes, 1 answer, 396 views
Is it possible to block malicious domains in AWS by adding them in Threat List?
I am trying to block malicious domains through AWS GuardDuty which were being queried by some of the EC2 instances. During some research I found out we can block only IP addresses by adding them in ...
0 votes, 2 answers, 1k views
How to use non-default Google Service Account credentials with SecretManagerService in Google Cloud Function?
How do I pass non-default Google Service Account credentials to SecretManagerService or SecretManagerServiceClient in Google Cloud Function production environment? Docs are here.
When running locally ...
0 votes, 0 answers, 529 views
S3 bucket: Restrict access
I'm trying to restrict access to a set of buckets using boto3.
Consider that I'm dealing with around 200 buckets and that I have to create a rollback solution to undo the changes that I will make in ...
1 vote, 1 answer, 332 views
How to spot public S3 buckets
I'm trying to list all the buckets with some kind of public access in an account.
The question is: is my rationale correct?
I first checked buckets' access block configuration:
filtered_buckets = ...
0 votes, 0 answers, 78 views
Which PowerShell module does the Get-PrivacyManagementRule command fall in?
I've been trying to figure out how a few security settings in an M365 tenant can be configured via PowerShell.
I was looking into Privacy Management in the admin console which has a bunch of settings I ...
0 votes, 1 answer, 408 views
AWS Pen test - vulnerability scanning
I am trying to find out if it is correct to say that - In AWS we can only perform vulnerability scanning for EC2 instances.
From my research, it seems like there can be pen tests on other AWS services,...
0 votes, 0 answers, 246 views
GuardDuty not able to detect attacks outside AWS
I am trying to test GuardDuty by pulling off a brute force attack on a Windows target EC2 host from my local Windows machine (outside AWS) using RDP. What I can see is there are no findings getting ...
1 vote, 2 answers, 8k views
Access Amazon S3 from a Java program
I have a Java program which needs to access Amazon S3 to put some files there. Please note that this Java program is running on my desktop (not in EC2). What's the best secure way to access Amazon S3 ...