
AWS Cognito Security — Cognito User Pool Introduction and User Attributes
Unveil the intricacies of Amazon Cognito User Pools in our latest blog post. We delve into the technicalities of user attributes, identifiers, and app clients, guiding you through the login flow and token reception. Discover how to leverage Cognito tokens for data collection and learn to navigate common misconfigurations that developers might miss.

AWS Cognito Security — Overview
Discover the hidden security risks in Amazon Cognito with our blog series. Dive into AWS Cognito’s structure, components, and use cases, uncovering new attack vectors and misconfigurations.

AWS Cognito User Pool — Shared User Pools
Explore the risks of shared User Pools in AWS Cognito, where users from one app can access another, potentially exposing sensitive resources.

The Unexpected Benefits of Threat Modeling
Threat modeling is a disciplined approach to technology design that identifies security threats and design constraints to prevent security flaws before they manifest in your platform.

Vulnerability Research and the Importance of Supporting Young Talent
This is a story with a happy ending where we were able to get back to the collaboration from the early open disclosure days, utilize modern practices to ensure responsible handling of the information, and allow a young person to make a positive contribution to infosec.

TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak
We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.