When the headline reads “Cloud Breach Due to Misconfiguration”, that is only a small part of the story, and it leads teams to focus solely on eliminating cloud resource misconfigurations while gaining a false sense of security. What’s missing in these stories is the series of moves attackers make to discover knowledge about the cloud environment, move laterally, and ultimately extract data without...
Today’s cloud attacks don’t exploit a single misconfiguration, but rather a series of them. Josh will walk through a process for understanding the blast radius of potential security events in your environment, and steps you can take to prevent minor ones from becoming catastrophic breaches. The recent Twitch breach may have begun with a lone server misconfiguration, but its blast radius...
If you use Amazon Web Services (AWS), you’re probably making extensive use of AWS Identity and Access Management (IAM). It’s a powerful service for managing access to your AWS services and resources that is almost like a new kind of network in the cloud. But for enterprise cloud environments, AWS IAM security can become quite complex. Recent high-profile cloud-based data breaches have involved...
Cloud security is a software engineering problem - not a traditional security problem. This talk will demonstrate an advanced cloud misconfiguration exploit to understand how to protect against such attacks using architecture best practices. The cloud changed the way hackers operate: Rather than targeting an organization and then searching for vulnerabilities to exploit, they now use...
OPA is an open source policy as code framework and toolset which can be used to validate policy compliance of cloud infrastructure environments. Learn how OPA works, how cloud engineering and dev teams can leverage it and other open source tools to prevent deployment of resource misconfigurations. The challenges of building and modifying at-scale cloud infrastructure environments led to the...