Removes old roadmap

Adds contributor Fixes formatting Fixes link to CSA report
OWASP · Jan 6, 2025 · 9ca8d0a · 9ca8d0a
1 parent d70a561
commit 9ca8d0a
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 49 deletions.
diff --git a/2025/docs/2-secret-leakage.md b/2025/docs/2-secret-leakage.md
@@ -48,14 +48,14 @@ Exposed secrets can lead to significant security risks. If a secret is leaked, w
 * AWS Secrets Manager - [link](https://aws.amazon.com/secrets-manager/)
 
 ## Data points
-* [CSA NHI Report](https://s3.amazonaws.com/content-production.cloudsecurityalliance/22j8ue25fxvafdnirpgoqtdv7l1u?response-content-disposition=inline%3B%20filename%3D%22The%20State%20of%20Non-Human%20Identity%20Security%2020240917.pdf%22%3B%20filename%2A%3DUTF-8%27%27The%2520State%2520of%2520Non-Human%2520Identity%2520Security%252020240917.pdf&response-content-type=application%2Fpdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6XDIRHKHO4F5SU4%2F20241211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241211T163927Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=394370ac74a7a3f24385341bdee52ca01958c4859595f1f9969ffefdaa6d6f2f)
-  * 31% of times poor secrets management was the cause for NHI-related security incidents. (6/10)
-  * 21% of organizations put service accounts as most challenging to manage. (6/16)
-  * 26% of organizations need management of secrets lifecycle as the most important capability of an NHI tool. (1/16)
-  * 37% of organizations report secrets are stored in environment variables or hard-coded into application code.
+* [CSA NHI Report](https://cloudsecurityalliance.org/artifacts/state-of-non-human-identity-security-survey-report)
+   * 31% of times poor secrets management was the cause for NHI-related security incidents. (6/10)
+   * 21% of organizations put service accounts as most challenging to manage. (6/16)
+   * 26% of organizations need management of secrets lifecycle as the most important capability of an NHI tool. (1/16)
+   * 37% of organizations report secrets are stored in environment variables or hard-coded into application code.
 * Verizon DBIR
-  * 21% of breaches initial action was use of stolen creds (1/10)
+   * 21% of breaches initial action was use of stolen creds (1/10)
 * Recent Breaches
-  * MSFT SAS Token Breach - [link](https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers)
-  * Uber Breach - [link](https://www.upguard.com/blog/what-caused-the-uber-data-breach)
-  * Internet Archive breach - [link](https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/)
+   * MSFT SAS Token Breach - [link](https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers)
+   * Uber Breach - [link](https://www.upguard.com/blog/what-caused-the-uber-data-breach)
+   * Internet Archive breach - [link](https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/)
diff --git a/2025/docs/3-vulnerable-third-party-nhi.md b/2025/docs/3-vulnerable-third-party-nhi.md
@@ -43,15 +43,15 @@ Moreover, 3rd parties can be exposed to hard-coded credentials within the codeba
 
 ## Data points
 * [Datadog State of the Cloud 2024]((https://www.datadoghq.com/state-of-cloud-security/))
-  * 10% third party integration to AWS are overprivileged.
-  * 2% third party integration to AWS are vulnerable to confused deputy vulnerability.
-  * Initial access to 365 is made through malicious 3d-party OAuth apps.
+    * 10% third party integration to AWS are overprivileged.
+    * 2% third party integration to AWS are vulnerable to confused deputy vulnerability.
+    * Initial access to 365 is made through malicious 3d-party OAuth apps.
 * [CSA NHI Report](https://s3.amazonaws.com/content-production.cloudsecurityalliance/22j8ue25fxvafdnirpgoqtdv7l1u?response-content-disposition=inline%3B%20filename%3D%22The%20State%20of%20Non-Human%20Identity%20Security%2020240917.pdf%22%3B%20filename%2A%3DUTF-8%27%27The%2520State%2520of%2520Non-Human%2520Identity%2520Security%252020240917.pdf&response-content-type=application%2Fpdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6XDIRHKHO4F5SU4%2F20241211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241211T163927Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=394370ac74a7a3f24385341bdee52ca01958c4859595f1f9969ffefdaa6d6f2f)
-  * 38% answers put supply chain attacks as one of the top 3 most concerning NHI threats. (2/10)
-  * 16% answers put malicious suppliers as one of the top 3 most concerning NHI threats. (9/10)
-  * 29% of times compromised external integrations were the cause for NHI-related security incidents. (7/10)
-  * 21% of organizations put managing requests for third-party tools and services as most challenging to manage. (10/16)
-  * 26% of organizations need visibility into third-party vendors as the most important capability of an NHI tool. (1/16)
-  * 38% of organizations reported limited to no visibility into third-party vendors.
+    * 38% answers put supply chain attacks as one of the top 3 most concerning NHI threats. (2/10)
+    * 16% answers put malicious suppliers as one of the top 3 most concerning NHI threats. (9/10)
+    * 29% of times compromised external integrations were the cause for NHI-related security incidents. (7/10)
+    * 21% of organizations put managing requests for third-party tools and services as most challenging to manage. (10/16)
+    * 26% of organizations need visibility into third-party vendors as the most important capability of an NHI tool. (1/16)
+    * 38% of organizations reported limited to no visibility into third-party vendors.
 * Recent Breaches
-  * Sisense Breach - [link](https://medium.com/@ronilichtman/making-sense-out-of-the-sisense-hack-f61a3d9b80a7)
+    * Sisense Breach - [link](https://medium.com/@ronilichtman/making-sense-out-of-the-sisense-hack-f61a3d9b80a7)
diff --git a/2025/docs/5-overprivileged-nhi.md b/2025/docs/5-overprivileged-nhi.md
@@ -43,14 +43,14 @@ When an over-privileged NHI is compromised—whether through vulnerabilities in
 
 ## Data points
 * [Datadog State of the Cloud 2024](https://www.datadoghq.com/state-of-cloud-security/)
-  * 17.6% have excessive data access, such as listing and accessing data from all S3 buckets in the account
-  * 10% of clusters have a dangerous node role that has full administrator access, allows for privilege escalation, has overly permissive data access (e.g., all S3 buckets), or allows for lateral movement across all workloads in the account
-  * Over one in three Google Cloud VMs (33%) have sensitive permissions to a project
-* [CSA NHI Report](https://s3.amazonaws.com/content-production.cloudsecurityalliance/22j8ue25fxvafdnirpgoqtdv7l1u?response-content-disposition=inline%3B%20filename%3D%22The%20State%20of%20Non-Human%20Identity%20Security%2020240917.pdf%22%3B%20filename%2A%3DUTF-8%27%27The%2520State%2520of%2520Non-Human%2520Identity%2520Security%252020240917.pdf&response-content-type=application%2Fpdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6XDIRHKHO4F5SU4%2F20241211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241211T163927Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=394370ac74a7a3f24385341bdee52ca01958c4859595f1f9969ffefdaa6d6f2f) 
-  * 33% answers put over-privileged accounts as one of the top 3 most concerning NHI threats (3/10)
-  * 37% of times over-privileged identities were the cause for NHI-related security incidents (2/10)
-  * 22% of organizations need managing permissions as the most important capability of an NHI tool (5/16)
-  * 26% of organizations believe that over 50% of their service accounts are over-privileged
+    * 17.6% have excessive data access, such as listing and accessing data from all S3 buckets in the account
+    * 10% of clusters have a dangerous node role that has full administrator access, allows for privilege escalation, has overly permissive data access (e.g., all S3 buckets), or allows for lateral movement across all workloads in the account
+    * Over one in three Google Cloud VMs (33%) have sensitive permissions to a project
+* [CSA NHI Report](https://cloudsecurityalliance.org/artifacts/state-of-non-human-identity-security-survey-report) 
+    * 33% answers put over-privileged accounts as one of the top 3 most concerning NHI threats (3/10)
+    * 37% of times over-privileged identities were the cause for NHI-related security incidents (2/10)
+    * 22% of organizations need managing permissions as the most important capability of an NHI tool (5/16)
+    * 26% of organizations believe that over 50% of their service accounts are over-privileged
 * [Orca Security State of the Cloud Security report 2022](https://orca.security/wp-content/uploads/2022/09/2022-State-of-Public-Cloud-Security-Report.pdf)
-  * 44% of environments have at least one privileged identity access management (IAM) role.
-  * 23% have at least one EC2 Instance with Administrator IAM role.
+    * 44% of environments have at least one privileged identity access management (IAM) role.
+    * 23% have at least one EC2 Instance with Administrator IAM role.
diff --git a/2025/docs/7-long-lived-secrets.md b/2025/docs/7-long-lived-secrets.md
@@ -34,12 +34,12 @@ Long-lived Secrets refers to the use of sensitive NHIs such as API keys, tokens,
 
 ## Data points
 * [Datadog State of the Cloud 2024](https://www.datadoghq.com/state-of-cloud-security/)
-  * 46% of AWS orgs users use long-lived console credentials
-  * 60% of keys across cloud providers have age > 1 year
-* [CSA NHI Report](https://s3.amazonaws.com/content-production.cloudsecurityalliance/22j8ue25fxvafdnirpgoqtdv7l1u?response-content-disposition=inline%3B%20filename%3D%22The%20State%20of%20Non-Human%20Identity%20Security%2020240917.pdf%22%3B%20filename%2A%3DUTF-8%27%27The%2520State%2520of%2520Non-Human%2520Identity%2520Security%252020240917.pdf&response-content-type=application%2Fpdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6XDIRHKHO4F5SU4%2F20241211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241211T163927Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=394370ac74a7a3f24385341bdee52ca01958c4859595f1f9969ffefdaa6d6f2f) 
-  * 45% of times lack of credential rotation were the cause for NHI-related security incidents (1/10)
-  * 26% of organizations need management of secrets lifecycle as the most important capability of an NHI tool (1/16)
-  * 51% of organizations have no formal process to offboard or revoke long-lived API keys
+    * 46% of AWS orgs users use long-lived console credentials
+    * 60% of keys across cloud providers have age > 1 year
+* [CSA NHI Report](hhttps://cloudsecurityalliance.org/artifacts/state-of-non-human-identity-security-survey-report) 
+    * 45% of times lack of credential rotation were the cause for NHI-related security incidents (1/10)
+    * 26% of organizations need management of secrets lifecycle as the most important capability of an NHI tool (1/16)
+    * 51% of organizations have no formal process to offboard or revoke long-lived API keys
 * [Orca Security State of the Cloud Security report 2022](https://orca.security/wp-content/uploads/2022/09/2022-State-of-Public-Cloud-Security-Report.pdf)
-  * 80% of organizations have KMS rotation disabled
-  * 79% of organizations have at least one access key older than 90 days
+    * 80% of organizations have KMS rotation disabled
+    * 79% of organizations have at least one access key older than 90 days
diff --git a/index.md b/index.md
@@ -84,15 +84,3 @@ Reusing the same NHI across different applications, services, or components —
 
 During application development and maintenance, developers or administrators may misuse NHIs for manual tasks that should be performed using individual human identities with appropriate privileges. This practice introduces significant security risks such as elevated privileges for NHIs, lack of auditing and accountability due to indistinguishable activity between humans and automation.
 [Read More >>]({{ site.baseurl }}/2025/10-human-use-of-nhi/)
-
-## Project Road Map
-1. Submission of project proposal ✓
-2. Reaching out to prominent contributors of the identity security space ✓
-3. Mapping out top risks ✓
-4. Data collection on chosen risks ✓
-* A public survey co-operated with Cloud Security Alliance (CSA)
-* Data assessment on real-life environments and platforms
-* Public data collection of zero-day vulnerabilities
-5. Aggregation of data and risk scoring ✓
-6. Final draft of the top 10 risks alongside above Documentation efforts ✓
-7. Round-table together with contributors and leaders to construct roadmap towards project review and graduation to a Lab project. (ongoing)
diff --git a/tab_contributors.md b/tab_contributors.md
@@ -23,3 +23,4 @@ Individuals that provided a significant contribution to the project:
 | Tomer Yahalom  | Astrix Security | [LinkedIn](https://www.linkedin.com/in/tomer-yahalom-4622b0178/) |
 | Danielle Guetta  | Astrix Security | [LinkedIn](https://www.linkedin.com/in/danielle-guetta-94108310/) |
 | Bar Kaduri  | Orca Security | [LinkedIn](https://www.linkedin.com/in/bar-kaduri) |
+| Yonatan Yosef  | Orca Security | [LinkedIn](https://www.linkedin.com/in/yonatan-yosef-93a028188/) |