{"id":73119,"date":"2021-12-20T06:37:40","date_gmt":"2021-12-20T11:37:40","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=73119"},"modified":"2025-11-13T19:15:03","modified_gmt":"2025-11-13T17:15:03","slug":"top-5-iac-misconfigurations-you-should-avoid","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/","title":{"rendered":"Top 5 IaC Misconfigurations You Should Avoid"},"content":{"rendered":"<p class=\"has-text-align-center\"><strong><em>Famed driver Mario Andretti once said,<\/em><\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong><em>&#8220;If everything seems under control, you&#8217;re not going fast enough.&#8221;<\/em><\/strong><\/p>\n\n\n\n<p>With the recent rise in cloud-native technologies, everything is going faster than ever. Development cycles are shorter than before, and teams are deploying to production continuously. Business demands and time-to-market are the main drivers in the need for speed, and as development teams try to keep up, the risks are much higher since a simple change can reach your entire customer base within minutes.<\/p>\n\n\n\n<p>One of those cloud-native technologies is Infrastructure-as-Code (IaC) which automates the entire process of provisioning and deploying your infrastructure at the speed of DevOps. Beside the known benefits, this presents major risks to your applications and underlying infrastructure. It means that a single change in your IaC will reach production in a matter of minutes and can expose you to new attack vectors as well.<\/p>\n\n\n\n<p>Based on recent research, which was done by analyzing vast number of KICS scans, here are the top IaC misconfigurations you should be aware of.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">Top 5 Misconfigurations<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<strong>Open ports<\/strong> \u2013 open TCP\/UDP ports remain the top misconfiguration to date. Those include HTTP ports, SSH ports, ELB ports, or any other unnecessary ports. The best example to give here is SSH (port 22), which is usually used for remote debugging and is notoriously known for being left open for no good reason. <a href=\"https:\/\/www.hackingarticles.in\/ssh-penetration-testing-port-22\/\">Probing through open ports<\/a> is probably the first step of every attacker\u2019s TTPs. We also know that attackers use bots to scan for open ports, and once they find an open one, they simply brute force the password and often gain access to servers and other devices. Make sure you leave unnecessary ports closed, or have a good reason for why they may be open.<\/li>\n\n\n\n<li>\n<strong>Excessive permissions<\/strong> \u2013 as previously written in this blog, providing a cloud resource with the wrong permissions can create the attack surface attackers are hoping for. Configuring your S3 bucket with read permissions, attackers can probe into the bucket looking for unprotected content and gain access to private information. Make sure you understand what least-privilege permissions your cloud resources need, and don\u2019t leave anything to chance.<\/li>\n\n\n\n<li>\n<strong>Lack of proper definitions<\/strong> \u2013 this affects observability (e.g., lack of proper logging), encryption (e.g., S3 objects without server-side encryption), or anything in between. Make sure you understand <em>which resource<\/em> requires <em>which property<\/em>, and make sure they are configured correctly in all cases.<\/li>\n\n\n\n<li>\n<strong>Hard-coded secrets (in your IaC<\/strong>) \u2013 while not limited to IaC only, this remains a top challenge for all code (application source code as well). Once exposed, attackers can leverage the keys to obtain sensitive information, shut down services, or create whatever resources they need.<\/li>\n\n\n\n<li>\n<strong>IaC security drift<\/strong> \u2013 we have all been there, we work perfectly through the process, our pipelines are all green, then something happens in production, and we must make a \u201csmall\u201d change. Those small changes can have a huge risk on your environment, and you should not make those directly but through code. Using drift detection tools (e.g., <a href=\"https:\/\/github.com\/GoogleCloudPlatform\/terraformer\">Terrarfomer<\/a> or Driffty), you can get a static file which represents your current production environment, then scan it with <a href=\"https:\/\/kics.io\/\">KICS<\/a> to make sure you didn\u2019t introduce any new risk.<\/li>\n<\/ol>\n\n\n\n<p>Leveraging Infrastructure-as-Code is a critical part of achieving true infrastructure agility, but you should be aware of all the risks. Running fast is important, but don\u2019t become blind to what may surface from errors and omissions. Be aware of the potential misconfigurations listed above and make sure you tackle them from the very beginning.<\/p>\n\n\n\n<p>If you want to automate your IaC security scanning \u2013 you can easily integrate <a href=\"https:\/\/kics.io\/\">KICS<\/a> into your pipeline and make sure you are appropriately managing your IaC risks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">More about KICS<\/h2>\n\n\n\n<p>KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in popular IaC solutions and OpenAPI 3.0 specifications. KICS is open-source and always will be. Both the scanning engine and the security queries are clear and open to the software development community. With 2000+ fully customizable and adjustable heuristic rules, or queries, KICS can be easily edited, extended, and added to. What\u2019s more, our robust but simple architecture allows for support of new IaC solutions.<\/p>\n\n\n\n<p>Almost 500,000 people are already taking advantage of KICS. Download KICS for free&nbsp;<a href=\"https:\/\/github.com\/Checkmarx\/kics\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>&nbsp;and start securing your IaC today!<\/p>","protected":false},"excerpt":{"rendered":"<p>Famed driver Mario Andretti once said, &#8220;If everything seems under control, you&#8217;re not going fast enough.&#8221; With the recent rise in cloud-native technologies, everything is going faster than ever. Development cycles are shorter than before, and teams are deploying to production continuously. Business demands and time-to-market are the main drivers in the need for speed, [&hellip;]<\/p>\n","protected":false},"author":48,"featured_media":73186,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84,1295],"tags":[190,93,392,340,280],"class_list":["post-73119","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-iac","tag-english","tag-iac","tag-infrastructure-as-code-security","tag-kics","tag-open-source-projects"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Top 5 IaC Misconfigurations You Should Avoid - Checkmarx.com<\/title>\n<meta name=\"description\" content=\"Based on recent research, which was done by analyzing vast number of KICS scans, here are the top IaC misconfigurations you should be aware of.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Top 5 IaC Misconfigurations You Should Avoid\" \/>\n<meta property=\"og:description\" content=\"Based on recent research, which was done by analyzing vast number of KICS scans, here are the top IaC misconfigurations you should be aware of.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-20T11:37:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-13T17:15:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1387\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ori Bendet\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Top 5 IaC Misconfigurations You Should Avoid\" \/>\n<meta name=\"twitter:description\" content=\"Based on recent research, which was done by analyzing vast number of KICS scans, here are the top IaC misconfigurations you should be aware of.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ori Bendet\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/\"},\"author\":{\"name\":\"Ori Bendet\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/e48f31f49882392cc268ba2a9a439761\"},\"headline\":\"Top 5 IaC Misconfigurations You Should Avoid\",\"datePublished\":\"2021-12-20T11:37:40+00:00\",\"dateModified\":\"2025-11-13T17:15:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/\"},\"wordCount\":719,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg\",\"keywords\":[\"English\",\"IaC\",\"Infrastructure as Code Security\",\"KICS\",\"Open-Source Projects\"],\"articleSection\":[\"Blog\",\"IaC\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/\",\"name\":\"Top 5 IaC Misconfigurations You Should Avoid - Checkmarx.com\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg\",\"datePublished\":\"2021-12-20T11:37:40+00:00\",\"dateModified\":\"2025-11-13T17:15:03+00:00\",\"description\":\"Based on recent research, which was done by analyzing vast number of KICS scans, here are the top IaC misconfigurations you should be aware of.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg\",\"width\":2560,\"height\":1387},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/e48f31f49882392cc268ba2a9a439761\",\"name\":\"Ori Bendet\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_48.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_48.jpg\",\"caption\":\"Ori Bendet\"},\"url\":\"https:\/\/checkmarx.com\/author\/oribendet\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Top 5 IaC Misconfigurations You Should Avoid - Checkmarx.com","description":"Based on recent research, which was done by analyzing vast number of KICS scans, here are the top IaC misconfigurations you should be aware of.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/","og_locale":"en_US","og_type":"article","og_title":"Top 5 IaC Misconfigurations You Should Avoid","og_description":"Based on recent research, which was done by analyzing vast number of KICS scans, here are the top IaC misconfigurations you should be aware of.","og_url":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2021-12-20T11:37:40+00:00","article_modified_time":"2025-11-13T17:15:03+00:00","og_image":[{"width":2560,"height":1387,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg","type":"image\/jpeg"}],"author":"Ori Bendet","twitter_card":"summary_large_image","twitter_title":"Top 5 IaC Misconfigurations You Should Avoid","twitter_description":"Based on recent research, which was done by analyzing vast number of KICS scans, here are the top IaC misconfigurations you should be aware of.","twitter_image":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Ori Bendet","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/"},"author":{"name":"Ori Bendet","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/e48f31f49882392cc268ba2a9a439761"},"headline":"Top 5 IaC Misconfigurations You Should Avoid","datePublished":"2021-12-20T11:37:40+00:00","dateModified":"2025-11-13T17:15:03+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/"},"wordCount":719,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg","keywords":["English","IaC","Infrastructure as Code Security","KICS","Open-Source Projects"],"articleSection":["Blog","IaC"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/","url":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/","name":"Top 5 IaC Misconfigurations You Should Avoid - Checkmarx.com","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg","datePublished":"2021-12-20T11:37:40+00:00","dateModified":"2025-11-13T17:15:03+00:00","description":"Based on recent research, which was done by analyzing vast number of KICS scans, here are the top IaC misconfigurations you should be aware of.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/top-5-iac-misconfigurations-you-should-avoid\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/MicrosoftTeams-image-6-scaled-1.jpg","width":2560,"height":1387},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/e48f31f49882392cc268ba2a9a439761","name":"Ori Bendet","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_48.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_48.jpg","caption":"Ori Bendet"},"url":"https:\/\/checkmarx.com\/author\/oribendet\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/73119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/48"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=73119"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/73119\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/73186"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=73119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=73119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=73119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}