Mitre ATT&CK Technique ID Unsecured Credentials: Cloud Instance Metadata API T1552.005   The AWS Metadata service facilitates information access for applications running on a given EC2 instance. This is provided to... Read More

ScoutSuite Introduction ScoutSuite is a multi-cloud security auditing tool written by the wonderful folks over at NCC group. We use it heavily here at Renegade Labs, so I wanted to... Read More

  Imagine you are working on your SOC 2 report and trying to ensure you meet the CC1 (Common Criteria) controls. Most of these are met by performing corporate strategy... Read More

In modern web applications, almost all functionality offered to users is handled by an Application Programming Interface or API for short. To help visualize how this works, think of a... Read More

The release of PCI DSS version 4.0 marks the most significant change to thestandard in more than a decade prompting risk3sixty to make significantinvestments in people and technology to support... Read More

SOC 2 vs HITRUST i1 SOC 2 is a reporting framework developed and maintained by the American Institute of Certified Public Accountants (AICPA), and as such, a SOC 2 report... Read More

Risk3sixty is one of the best places to work (we have the awards to prove it!)  Recently, risk3sixty received the honor of being named a best place to work by... Read More

So, you’ve decided to get a SOC 2 Report (SOC 2 Attestation). However, you aren’t sure where to begin. This article details what you need to know before you start,... Read More

Before starting on your gap assessment, there are a few improvements that you can put in place to make your remediation period go by quicker and allow your team to... Read More

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have collaborated to create ISO/IEC 27001, the leading international standard for information security. The ISO framework consists of... Read More