Update terraform-security.md

Author: carlospolop

src/pentesting-ci-cd/terraform-security.md

@@ -304,14 +304,6 @@ With these creds, attackers can create/modify/destroy resources directly using n
   - Prefer OIDC/WIF over static cloud credentials; treat runners as sensitive. Monitor speculative plan runs and unexpected egress.
   - Detect exfiltration of `tfc-*` credential artifacts and alert on suspicious `external` program usage during plans.
 
-Useful references:
-- Permissions: https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions
-- Show workspace API: https://developer.hashicorp.com/terraform/cloud-docs/api-docs/workspaces#show-workspace
-- AWS provider configuration: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#provider-configuration
-- AWS CLI OIDC role: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html#cli-configure-role-oidc
-- GCP provider with TFC: https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference.html#using-terraform-cloud
-- Sensitive variables: https://developer.hashicorp.com/terraform/tutorials/configuration-language/sensitive-variables
-- Prior art on plan-time RCE: https://alex.kaskaso.li/post/terraform-plan-rce and https://labs.snyk.io/resources/gitflops-dangers-of-terraform-automation-platforms/
 
 ## Automatic Audit Tools