Hi,
I'm opening this issue to propose adding Cloud Security to the VRT. Below are suggested entries and short justifications:
Cloud Security > Identity and Access Management (IAM) Misconfigurations > Overly Permissive IAM Roles > P2
Broad IAM roles enable privilege escalation or unintended access to critical resources, often leading to full account compromise. It's a top misconfiguration in cloud breaches.
Cloud Security > Identity and Access Management (IAM) Misconfigurations > Publicly Accessible IAM Credentials > P1
Exposed IAM keys allow attackers to directly interact with cloud APIs, often resulting in full infrastructure takeover. Immediate exploitation is trivial and widespread.
Cloud Security > Storage Misconfigurations > Publicly Accessible Cloud Storage > Varies
Open buckets can expose sensitive data, including PII or credentials, to anyone on the internet. It’s a frequent, high-impact misconfiguration with clear real-world breach examples.
Cloud Security > Storage Misconfigurations > Unencrypted Sensitive Data at Rest > P2
Storing unencrypted sensitive data increases risk in the event of unauthorized access or data exfiltration. While not immediately exploitable, it violates cloud security best practices.
Cloud Security > Network Configuration Issues > Open Management Ports to the Internet > P3
Exposing RDP, SSH, or admin consoles publicly invites brute-force, zero-day, or misconfig exploitation. It's a direct path to system compromise.
Cloud Security > Network Configuration Issues > Lack of Network Segmentation > P3
Poor segmentation allows lateral movement across services or environments, increasing blast radius post-compromise. It significantly weakens cloud defense-in-depth.
Cloud Security > Misconfigured Services and APIs > Exposed Debug or Admin Interfaces > Varies
Debug or admin interfaces often lack proper authentication and can leak sensitive system internals or offer remote control. They are a frequent entry point in high-impact breaches.
Cloud Security > Misconfigured Services and APIs > Insecure API Endpoints > P4
APIs without auth, rate-limiting, or input validation can be abused for data exfiltration or unauthorized actions. They're increasingly targeted in modern cloud-native attacks.
Cloud Security > Logging and Monitoring Issues > Disabled or Insufficient Logging > P5
Without proper logs, it’s nearly impossible to detect or investigate breaches. It’s not directly exploitable but critically hinders incident response and compliance.
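To make the first two proposed entries concrete, here is an added example (not part of the issue or the VRT project) that checks AWS-style IAM policy documents for the two patterns they describe, wildcard Allow statements and anonymous-principal grants, and maps each hit to the proposed VRT entry and priority. The sample policy documents, bucket names and the `classify` helper are constructed for illustration.

```python
# Constructed sample policy documents in AWS IAM policy JSON shape (not taken from the issue).
OVERLY_PERMISSIVE_ROLE = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
LEAST_PRIVILEGE_ROLE = {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                                       "Resource": "arn:aws:s3:::app-logs/*"}]}
PUBLIC_BUCKET_POLICY = {"Statement": [{"Effect": "Allow", "Principal": "*",
                                       "Action": "s3:GetObject",
                                       "Resource": "arn:aws:s3:::app-assets/*"}]}

# Proposed VRT entries and priorities, quoted from the issue text.
OVERLY_PERMISSIVE_ENTRY = ("Cloud Security > Identity and Access Management (IAM) "
                           "Misconfigurations > Overly Permissive IAM Roles", "P2")
PUBLIC_STORAGE_ENTRY = ("Cloud Security > Storage Misconfigurations > "
                        "Publicly Accessible Cloud Storage", "Varies")


def _as_list(value):
    """IAM accepts either a single string or a list in Action/Resource/Principal."""
    return value if isinstance(value, list) else [value]

def _is_public_principal(principal):
    """'*' or {"AWS": "*"} means anyone on the internet, including anonymous callers."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def is_overly_permissive(statement):
    """Allow with a full ('*') or service-wide ('svc:*') action wildcard on every resource."""
    if statement.get("Effect") != "Allow":
        return False
    actions = _as_list(statement.get("Action", []))
    broad_action = any(a == "*" or a.endswith(":*") for a in actions)
    return broad_action and "*" in _as_list(statement.get("Resource", []))

def is_public_grant(statement):
    """Allow to an anonymous principal with no Condition block narrowing who may call."""
    return (statement.get("Effect") == "Allow"
            and _is_public_principal(statement.get("Principal"))
            and not statement.get("Condition"))

def classify(policy):
    """Return the proposed VRT entries a policy document triggers, deduplicated, in order."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if is_overly_permissive(stmt) and OVERLY_PERMISSIVE_ENTRY not in findings:
            findings.append(OVERLY_PERMISSIVE_ENTRY)
        if is_public_grant(stmt) and PUBLIC_STORAGE_ENTRY not in findings:
            findings.append(PUBLIC_STORAGE_ENTRY)
    return findings
```

A Condition block (for example restricting the source VPC or organization) is treated as narrowing the grant, which is why the checker only flags unconditional anonymous access; real triage still needs a human to confirm what the bucket or role actually exposes.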