Prowler March Newsletter

This is a republishing of our monthly newsletter.

Do you have a Prowler success story you’d like to share? Let us know and we’ll send you some swag!

Hey there, Prowler community!

March has been packed with updates, news, and momentum—and we’re heading full-speed into April with something huge you don’t want to miss. If you’re serious about open cloud security (and we know you are), now’s the time to get involved.

Open Cloud Security Conference – Registration Now Open!

We’re thrilled to announce the first-ever Open Cloud Security Conference, happening Tuesday, April 8, 2025. It’s free, virtual, and packed with sessions from leaders shaping the future of open-source and cloud security.

Date: April 8, 2025
Location: Online
Register here

Cloud security is broken, and we need to fix it—together. This in-depth post from our founder and CEO explains why the Open Cloud Security Movement is the future and how we’re working toward transparency, collaboration, and security that works across all cloud environments.

 Featured Sessions

• The Future of Open Security – Gabriele Columbro, Linux Foundation Europe
  Insights into the evolution of open-source security and its impact on defenders.
  
• Server Side Chat: Open Source & Cloud Security – Shay Banon, Elastic & Toni de la Fuente, Prowler
  A candid conversation on innovation, collaboration, and where open cloud security is heading.
  
• A Pentester’s Guide to Finding Misconfigurations at Scale – Sandeep Singh, ProjectDiscovery
  Automating cloud pentesting using tools like Nuclei and Subfinder.
  
• Survey Says: Open Wins – Rajiv Taori & Laura Franzese, Prowler
  What 650+ security practitioners revealed about adopting open cloud security tools.
  
• How We Saved $70,000/Year with Our Open-Source Private Cloud CA – Paul Schwarzenberger, Q-Solution
  A practical look at building a secure, serverless certificate authority.
  
• DockSec: AI-Powered Docker Security – Advait Patel, Broadcom
  Using AI to enforce best practices in CI/CD for cloud-native environments.
  
• Open Sourcing Cloud SOC – Urvesh Thakkar, Circles.Life
  A blueprint for a cost-effective, open-source cloud SOC.
  
• The Power of Composability – Nathan Wallace, Turbot
  Using open-source ecosystems to build better, composable multi-cloud security.
  
• End-to-End Integration Testing for Detection Engineering – Ariel Ropek, Panther Labs
  How to improve detection workflows with end-to-end testing.
  
• Securing Multi-Cloud in the Open with Prowler – Toni de la Fuente, Prowler
  A deep dive into Prowler’s capabilities across AWS, Azure, GCP, and Kubernetes.

Product Updates

What’s New in Prowler 5.4?

Prowler 5.4 is here, bringing smarter scan configs, faster reporting, and enhanced multi-cloud support.

🔹 Smarter scan configurations
🔹 Faster, detailed report generation
🔹 Extended support for AWS, Azure, GCP, and Kubernetes
🔹 New CLI options for added flexibility

Read the blog
Check release notes

From the Prowler Team

Google Bought Wiz for $32B. Now What?

Google’s acquisition of Wiz has major implications for the cloud security landscape. In this post, we explore what this means for security teams, vendor lock-in, and the future of open cloud security.

The Future is Open – Open Cloud Security is Key in the Race Against Evolving Threats
In this article by Toni de la Fuente, he highlights the growing importance of open cloud security in defending against evolving threats. It explores how transparency, collaboration, and open-source tools like Prowler are key to maintaining a secure and resilient cloud environment.

Resource Spotlight

Kubernetes Security Management – KSPM with Prowler
Securing Kubernetes environments doesn’t have to be complex. This guide explores how Prowler simplifies Kubernetes Security Posture Management (KSPM), helping teams detect misconfigurations, enforce best practices, and stay compliant.

Prowler Product Demo on Risky Business
We joined Risky Business to give a hands-on walkthrough of Prowler’s security capabilities, including real-time compliance checks and misconfiguration detection across AWS, Azure, GCP, and Kubernetes.

Understanding the Prowler UI
Learn how to quickly set up the interface, leverage its key features, and streamline your security checks—complete with practical demos and best practices tailored for developers.

Getting Started with Prowler API
Learn how to integrate Prowler’s security and compliance checks directly into your workflow, explore best practices for API utilization, and see real-world demos that highlight the API’s powerful features.

Onboarding AWS & Azure Accounts with Prowler
We’ve released detailed guides to help you seamlessly onboard AWS and Azure accounts into Prowler:

• Onboarding AWS Accounts in Prowler Using an Assumed Role
• Onboarding AWS Accounts in Prowler Using Static Credentials
• Onboarding Azure Accounts in Prowler Using the Azure Portal

Security Spotlight

GitHub Actions and the Pinning Problem: What 100 Security Projects Reveal
This medium article by Adan Álvarez analyzes how top security projects manage (or mis-manage) GitHub Actions to prevent supply chain risks. Prowler is one of only three repositories highlighted for following best practices by pinning all GitHub Actions, ensuring greater security and stability.

Community Highlights

Securing 180,000 Lines of C Code in Curl
Curl creator Daniel Stenberg discusses the challenges of maintaining security in one of the most widely used open-source projects. Learn how he approaches securing 180,000 lines of C code while balancing performance and reliability.

Cloud Infrastructure Analysis with Prowler
In this new PluralSight course by Tim Coakley you will learn to perform AWS cloud security assessments using the tool Prowler, which is one of the first essential steps to continuous security in the cloud.

How to Conduct a Comprehensive Cybersecurity Audit for Your SaaS Company
Atlant Security created a detailed guide that walks through the steps to perform a thorough cybersecurity audit for SaaS companies. It highlights Prowler and covers assessing cloud environments, identifying vulnerabilities, ensuring compliance, and implementing security best practices to protect sensitive data.

Building Secure AWS Environments with Landing Zone Accelerator
This detailed guide from Adam Divall walks you through configuring AWS’s Landing Zone Accelerator to establish a secure, scalable, and compliant multi-account environment. Learn best practices and step-by-step instructions to streamline your cloud governance.

Navigating Brownfield Environments in AWS: Steps for Successful Cloud Use
This Dev.to article by Eyal Estrin, explores strategies for managing and securing brownfield AWS environments, where existing infrastructure and legacy configurations can introduce complexity. Learn how to assess, modernize, and maintain security in these environments effectively.

Cybersecurity for Startups: A Practical Guide to Building Security
Network Right, an IT services company, includes Prowler in the Open Source Security Tools section. The article emphasizes how Prowler helps startups secure their cloud infrastructure.

Basics of Pentest on AWS Environment
This Dev.to article by Muhammad Q Shahzad provides a beginner-friendly introduction to performing penetration tests on AWS environments. It covers essential steps such as identifying potential vulnerabilities, evaluating security controls, and ensuring compliance with AWS security best practices and highlights Prowler.

Prowler IRL – Events You Don’t Want to Miss

• AWS Community Day Romania – April 10
• SANS Cloud Native Security: Continuous Compliance with Prowler – April 24
• RSA Conference – April 28–May 1 | San Francisco
  Catch us live at booth 642 in the Spanish Pavilion and grab some exclusive swag.
  

We’re always sharing more in our Slack community!

That’s a wrap for this month. Don’t forget to register now for the Open Cloud Security Conference – we’ll see you there!