Our latest blogs
Exploit two of the most common vulnerabilities in Amazon Cognito with CloudGoat
During our in-depth research for Amazon Cognito ThreatModel, we found potential security threats that may be overlooked during its implementation for user authentication and authorization. To help educate the community

The last Azure Storage security document that we’ll ever need and how to use it
To celebrate the new year, we have released the ThreatModel for Azure Storage, free and open source, to help everyone identify and mitigate security risks when using this service. You
Introducing ControlCatalog – Improving the user experience from our 160+ page ThreatModel on Amazon S3 to a reactive UI
Today, we have launched the TrustOnCloud ControlCatalog. A reactive UI to navigate our ThreatModels, such as the open-source ThreatModel for Amazon S3. After the initial release, we got some fantastic
AWS IAM Awards: the best (and the worst) AWS Services
To celebrate another AWS Re:Invent, we are launching the IAM awards for AWS service teams, namely: “Our TPM is AWSome” award, “My first DeepRacer model” award, “We walk the talk”
Exfiltrate data from your super-secure Google Cloud project, using the security control built to prevent it [fixed]
Needless to say, it was ironic to find a data exfil vector using the service that “mitigate threats such as data exfiltration”: VPC Service Controls. VPC Service Controls are the
The last S3 security document that we’ll ever need, and how to use it
2022-02 – We have launched ControlCatalog, a friendly UI for our in-depth ThreatModels. We have released the ThreatModel for Amazon S3, free and open source. You can download it via