security best practice Archives - Include Security Research Blog

The AWS Console and Terraform Security Gap

March 24, 2026February 19, 2026 — Laurence Tennant

Are you using Terraform to build or configure your AWS environment? You might be surprised by configuration settings that introduce vulnerabilities by default, particularly if you’re already familiar with using the AWS or other cloud provider interfaces for asset creation. This post focuses on the slowly growing security divide of AWS asset security settings when created by the Terraform provider vs the AWS UI.

Immutable Strings in Java – Are Your Secrets Still Safe?

November 11, 2025 — jacobholcombinclude

Java programmers might not be aware their secrets could be floating around in system memory long after it’s assumed those secrets have been removed. The problem is a combination of immutability and garbage collection in Java. Our most recent post explores the unpredictability of Java garbage collection and the implications that has for secrets in code. We developed a simple proof of concept designed to measured these “secret ghosts” and demonstrate how to avoid them.