Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
Sign in
Contact
Support
We're hiring!
Aqua Security
Platform
Solutions
Resources
Company
Platform
Aqua Platform
Unified Cloud Security
Gain total lifecycle visibility, reduce risks and stop attacks with the most comprehensive, fully integrated CNAPP, AI security and AI-guided remediation.
Platform overview
All platform Integrations
Aqua CNAPP in action
Aqua Open Source
Driving security innovation in the cloud native community
Trivy
Tracee
Code Security
Scanning & Assurance
Scan artifacts across the entire software development lifecycle
Software Supply Chain Security
Protect your code, tools, and processes
Vulnerability Management
Advanced Code-to-Cloud vulnerability management to reduce noise and fix fast
Runtime Security
Container Security
Full lifecycle advanced protection for containerized applications
Cloud Workload Protection (CWPP)
Runtime protection for every cloud native workload
Hybrid-Cloud & Multi-Cloud Security
Code to Cloud security for hybrid and multi-cloud deployments
Posture Management
CI/CD Pipeline Security
Automate DevSecOps
Kubernetes Security
Holistic Kubernetes Security for the Enterprise
Cloud Security Posture Management
Extend traditional CSPM with workload visibility
What's New?
From Prompt to Production: Runtime Protection for AI Workloads
What’s Really Happening in Your Containers? Aqua’s Risk Assessment Has the Answer
New in Aqua Hub: Cut Through Alert Noise and Fix Toxic Combinations First
Solutions
Use Cases
Automate DevSecOps
Security and speed without compromise
GenAI Application Security
Secure GenAI Applications from Code to Runtime
Detection and Response
Cloud native detection & Response (CNDR)
Hybrid-Cloud & Multi-Cloud
Security for hybrid and multi-cloud deployments
Prove Compliance
Controls for PCI, HIPAA, GDPR, and beyond
Solutions
Docker Security
Enterprise-Grade security for Docker environments
AWS Cloud Security
Protect cloud native workloads on AWS
Google Cloud Security
Secure K8s apps on Google Cloud Platform
OpenShift Security
Cloud Native Security for Red Hat OpenShift
VMware Tanzu Security
Native security across VMware Tanzu
Azure Cloud Security
Complete Security for Azure Container Workloads
Industry
Federal
CNAPP solution for Federal Government
Financial Services
One platform for financial services
eBook
Hybrid Cloud, Multi-Cloud, Every Cloud, Secured.
Resources
The best of cloud native
Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Read the Blog
SEC vs. SolarWinds: A Cybersecurity Game Changer for CISOs
Accenture and Aqua Partner to Empower Cloud Security
Resources
Resources Center
eBooks, Data sheets, Whitepapers, Webinars, and much more
The Cloud Native Channel
Cloud native security webinars & videos
Aquademy
The Aqua academy
Cloud Native Wiki
The educational center for everything cloud native
Docker Containers
Software supply chain security
Cloud security
Kubernetes
Application Security
DevSecOps
Aqua research team
Security research focused on the cloud native stack to identify new threats and attack vectors
More security research
2023 Annual Aqua Nautilus Research
A Comprehensive Cloud Native Threat Report
Company
Recognized Leadership
CISO Choice Awards
Winner for Cloud Workload Protection Platform (CWPP)
Forrester Consulting: The Total Economic Impact™ of Aqua CNAPP
90% Reduction in vulnerability research and detection time
Frost & Sullivan CNAPP report
Top innovation leader
About Us
Newsroom
Customers
Partners
Careers
Support
Services
Upcoming Events
Connect
Contact
Twitter
Facebook
Linkedin
Instagram
News
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Aqua Security Named Winner in the 2025 Cloud Security Awards
Aqua Security Achieves AWS Government Competency Status
Search
Get Started
Cloud Native Channel
Webinars and videos presented by leading industry experts covering Microservices, Container & Serverless security, Kubernetes, DevSecOps, and everything related to the most disruptive area in IT
Webinar
A Panel about Enterprise Kubernetes Security Challenges
Expert Panel
Webinar
GenAI is Everywhere: Is Your Security Ready?
Webinar
Cloud Native Vulnerabilities Explained.
Webinar
Behind the Code: Discovering and Protecting Exposed Secrets
Webinar
Navigating Attack Paths in the Cloud: A Framework for Swift Remediation
Webinar
A Three-Part Time Traveling Webinar Series: Navigating Container Security
Webinar
DevSecOps: Making it Happen
Webinar
So You're Scanning, Now What?
Webinar
AWS Security LIVE! Modernizing Cloud Native Applications
Webinar
6 CNAPP Pitfalls and How to Avoid Them
Webinar
Aligning to the DORA Regulations with Aqua
Webinar
Catch Me If You Can: Uncovering Malicious Behavior in Container Images
Webinar
Accelerate Application Modernization: Faster, Smarter Deployments on AWS
Webinar
Proactive Strategies for Risk Prevention in Container Based Workloads
Webinar
Operationalizing Zero Trust: Securing Containers in Runtime
Webinar
REDIScovering Headcrab - A Technical Analysis of a Novel Malware and the Mind Behind It
Webinar
The Top 7 Cloud Native Security Myths Debunked
Webinar
Blinders Off: Synergetic Security in Cloud Native Applications
Webinar
Unbreakable Cloud: Building the Foundation for Runtime Security
Webinar
Incident Immunity: Effective Response Without Downtime in Cloud Native Apps
Webinar
A Symbiotic Journey of CISO Expertise & Researcher Insight in Cloud Native Environments
Webinar
Incorporating Security into Platform Engineering: The Dos and Dont’s
Webinar
Navigating the Landscape of Runtime Security for Cloud-Native Environments
Webinar
3 Ways to streamline your cloud security initiatives
Webinar
CSPM ≠ CNAPP: A Thought Leadership Panel
Webinar
Serverless, Not Defenseless: Demystifying AWS Fargate Security Challenges
Webinar
NIS2 Compliance and What You Need to Know
Webinar
Fortify Your Cloud Journey: Mastering Workload Protection
Webinar
Cloud Security Explained: Code-To-Cloud and Back Webinar Series
Webinar
CNAPP Explained: Code-To-Cloud & Back Webinar Series
Webinar
The Evolution of Cloud Security Posture Management (CSPM)
Webinar
Cloud Security 101
Webinar
Empowering Financial Services Organizations with CSPM
Webinar
Real-Time CSPM: Cloud Security Starts with Complete Visibility
Webinar
Strengthening Federal Software Infrastructure: Importance of SBOM Compliance Standards
Webinar
CISO Panel: Tips for Optimizing your cloud native stack
Webinar
Implementing Zero-Trust Security: A Comprehensive Guide for Cloud-Native Environments
Webinar
Steve Wrenn, former CIO of Johnson & Johnson Speaks About Achieving Better OUTCOMES
Webinar
Webinar Series: Dev Security Explained. Code-To-Cloud
Webinar
A Long Term Strategy for Maintaining Compliance Guidelines
Webinar
Moving Beyond SBOMS to Secure the Software Supply Chain
Webinar
PwC Panel: Hands On Readiness for Software Supply Chain Security
Webinar
CISO Panel: Getting Ready for Executive Order 14028
Webinar
Uber Verdict: The CISO, The Law and The Door!
Webinar
A Cloud Native Approach to Zero Trust
Webinar
Security Best Practices for Azure Kubernetes Services
Webinar
Software Supply Chain Security with Azure DevOps
Webinar
Scaling Kubernetes Security with Kubernetes Goat
Webinar
Thinking Different: How to Approach Kubernetes Security & Governance
Webinar
Managing your SaaS apps with Terraform, the GitOps way
Webinar
Red Hat, Aqua Security & IBM Power: Demystifying Security for App Modernization
Webinar
Extending the focus of application security to securing the software supply chain
Webinar
How to remediate zero day attacks 3x faster: Within your software supply chain
Webinar
Security and Assurance for AWS Fargate Containers
Webinar
Cloud Native Attacks: Why Runtime Protection is Not Optional
Webinar
Best Practices for Zero Trust & Securing the Federal Software Supply Chain
Webinar
Building Blocks of a Cloud Native Security Program
Webinar
Jump/Start Webinar Series: Container and Cloud Native Application Security
Webinar
CNAPP 101: Tech’s Newest Approach to Securing Cloud Native Assets
Webinar
Securing the Software Supply Chain
Webinar
Log4j - What to Know and How to Mitigate It
Webinar
A DZone and Aqua Webinar
What is Kubernetes Security?
Webinar
What’s Next for DevSecOps: 'Shift Right' for Runtime Protection
Webinar
KubeSec Enterprise Online NA 2021
Webinar
Runtime Security using Tracee: A Walk-through Explainer Demo
Webinar
Native and Holistic Kubernetes Security
Webinar
Climbing High - The State of DevSecOps Today
Webinar
Anatomy of Cloud Native Attacks and How To Stop Them
Webinar
Rethinking the Sec in DevSecOps: Security as Code
Webinar
Securing the Software Supply Chain for Cloud Native
Webinar
Infrastructure & Ops Superstream: Creating Your Kubernetes Platform
Webinar
Risk-based Vulnerability Management for Cloud Native Apps: A Comprehensive View
Webinar
Identity-Based Microsegmentation
Webinar
Securing workloads on innovative cloud native architectures
Webinar
A Blueprint to Cloud Native Security on Red Hat OpenShift
Webinar
A Complete Approach to Cloud Native Security
Webinar
CSPM (Cloud Security Posture Management) 101 Webinar
Webinar
A Case Study and a Checklist: Open Source vs Commercial Vulnerability Scanning
Webinar
Achieving Least Privilege Access in Kubernetes
Webinar
Hack-Proofing Your Kubernetes Clusters
Webinar
KubeSec Enterprise Online:
A Webinar Series
Webinar
Dynamic Analysis of Container Images for Detecting Stealthy Malware
Webinar
A Calculated, Visual, Risk-Based Approach for Exploring Your Security Risks
Webinar
Secure your cloud native applications – an AWS customer case study
Webinar
The Container Security Checklist
Webinar
The Sharp Edges of Kubernetes Security
Webinar
Kubernetes RBAC: Audit Your Cluster’s RBAC Configuration for Vulnerabilities
Webinar
Aqua Serverless Security for AWS Lambda
Webinar
Vulnerability Management Strategies for Cloud Native Security
Aqua Security
