This research focuses on one aspect of security by default: the default encryption state of AWS resources when they are created. We look into encryption types, including default encryption by KMS with AWS Owned and AWS Managed keys, the history of encryption-by-default settings, and additional settings and guardrails to help with cloud data security.
A deep dive on AWS support for AWS Managed Keys. We found 39 AWS services that support AWS Managed Keys, documented service support along with interesting details about AWS Managed Keys and their key policies, and created a tool to help you check support and access for AWS Managed Keys.
A look at Amazon Web Services' Block Public Access feature across AWS services such as EC2, S3, EMR, and DynamoDB, how secure-by-default principles apply to account configuration to add additional layers of security, and best practices for configuration.
A scenario with Amazon S3 where S3's Block Public Access check can be circumvented to make an S3 bucket public.
Research on AWS's Quantum Ledger Database (QLDB) and its misleading reporting of at-rest data encryption. Misleading encryption status reporting may result in false positives for security and compliance of QLDB and cause issues for security and application teams.