Shostack + Friends Blog

Posts in category "cloud security"

A set of cards with threats like our deployment artifacts contain secrets that can be extracted

Cumulus

Cumulus is a cloud-oriented version of Elevation of Privilege (06 Apr 2023)

Threat Modeling Google Cloud (Threat Model Thursday)

NCC has released a threat model for Google Cloud Platform. What can it teach us? (01 Mar 2023)

Threat Modeling Password Managers

[no description provided] (17 Jul 2017)

Our Favorite Content

Threat modeling blog posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS: If you’d like to subscribe, you can get the ATOM feed here.

Email: If you’d like every blog post by email, we’re experimenting with Substack. If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed.

Application and AI roundup - November

30 Nov 2023

A threat modeling conference, lots of government appsec guidance, and some updates from Shostack + Associates

C2PA Threat Modeling

29 Nov 2023

What can we learn from the C2PA security considerations document?

Threat Modeling Thursday: Thanksgiving

23 Nov 2023

What can we learn from Gunnar Peterson’s Threat Model for Thanksgiving?

Application and AI roundup - October

09 Nov 2023

Exciting news from the SEC, lots of AI, and lots of threat modeling.

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.