Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Bringing a Machete to the Amazon: Securing AWS Applications

OWASP Foundation via YouTube

Overview

Explore the security challenges and vulnerabilities associated with migrating applications to Amazon Web Services (AWS) in this conference talk from AppSecUSA 2014. Delve into concrete examples and new techniques that reveal "full stack" vulnerabilities in AWS environments, from simple mistakes like exposing credentials to unexpected issues such as XXE injection and data leakage. Learn about a free assessment tool designed to map interactions between infrastructure and code, helping organizations navigate the complexities of AWS security. Gain insights into AWS as an operating system, its attack surface, and common pitfalls in cloud migration. Discover strategies for controlling API access, managing metadata, and leveraging advanced capabilities to enhance security in AWS deployments.

Syllabus

Intro
Welcome
Agenda
Cloud is an Operating System
Infrastructure is my code
Typical AWS application
AppSec perspective
The challenge
What does AWS offer
Problems with AWS
AWS as an operating system
AWS attack surface
Merchant insecurity
Strict change control
API
Vulnerabilities
Metadata
AWS Metadata
Examples
Controlling API Access
Private IP Addresses
Lack of Access Control
Tags
IP Address
Lack of Awareness
Cloud Atlas
Cloud Out
Cloud Trail Data
Advanced Cap Capabilities
Other Tools
Questions

Taught by

OWASP Foundation

Reviews

Start your review of Bringing a Machete to the Amazon: Securing AWS Applications

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.