Introducing ControlCatalog – Improving the user experience from our 160+ page ThreatModel on Amazon S3 to a reactive UI
Today, we are launching the TrustOnCloud ControlCatalog. A reactive UI to navigate through our ThreatModels, and especially the open-source ThreatModel for Amazon S3.
After the initial release, we got some amazing replies (see below).
What’s stand out from those feedbacks and many others is: 1) it is important for security pros we go deep, and 2) it requires a big mental effort from the reader to just commit to glance a 160-page PDF.
With CloudControl, we want to help anyone to take advantage of the ThreatModels, whether you have 5 or 50 minutes. The ThreatModels are the same, the UI is different. It allows the reader to pivot between threats and controls, see the MITRE ATT&CK®, see the top threats and controls, or understand a particular flow, etc.
To get started, visit the ThreatModel of Amazon S3 on Control Catalog.
===========Hmmm — looks very interesting and helpful! https://t.co/loKwVwNQnV
— Jeff Barr ☁️ (@ 🏠 ) 💉 (@jeffbarr) February 18, 2022
Dear god this is fucking thorough https://t.co/OiDiGEMEZP
— Kinnaird McQuade💥🌩 (@kmcquade3) August 24, 2021
S3 threat model out on vacation! pic.twitter.com/demF11glnO
— katnik 💯 (@NightmareJS) February 4, 2022
Threat Model for AWS S3 via @trustoncloud. S3 is arguably the simplest of over 200 cloud services, each with its own (similarly complex) threat model.
This is why we drink. #infosechttps://t.co/e1EiaKflyz pic.twitter.com/jQi0hJsmXa — Jan Schaumann (@jschauma) August 28, 2021
A super comprehensive (160+ pages!) open source #AWS S3 threat model document from the team @trustoncloud. It’s incredible how many attack vectors can exist for just a single service.#cloud #securityhttps://t.co/ufibTHiX2Y
— Matt Fuller (@matthewdfuller) August 23, 2021