Hyperscale Blog
Expert insights on AWS security and secure by design best practices

Why 50% of Web Apps Are Vulnerable to XSS (And Yours Might Be Too)
Over half of web applications lack basic XSS protection through Content Security Policy. While modern platforms enable 5-minute deployments, they leave a critical security blind spot that could cost your business dearly.
Henry Addico
Sep 17, 2025

Securing AWS Credentials on Engineer's Machines with macOS Secure Enclave
Last week, I wrote about the lessons from the Nx package poisoning attack, where malicious package versions were published to npm, silently stealing cloud credentials from any developer unlucky enough to download them. Amongst other things, the attack highlighted a problem in how we store and manage AWS credentials on development machines.
Andy Caine
Sep 9, 2025

Lessons From the Nx NPM Package Poisoning Attack: Securing Your AWS Environment Against Supply Chain Threats
Last week, attackers poisoned the popular Nx build system on NPM with malicious versions that attempted to steal SSH keys, GitHub tokens, npm tokens, and AWS credentials. For many teams, that's a nightmare scenario. Let's look at what this attack tells us about securing AWS accounts against software supply chain threats.
Andy Caine
Sep 3, 2025