Back To Schedule
Friday, September 19 • 9:30am - 10:15am
Bringing a Machete to the Amazon

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Amazon Web Services (AWS) is billed as an amazingly secure and resilient cloud services provider, but what is the reality once you look past that pristine environment and the manicured forests give way to dark jungle as you start to migrate existing applications to the AWS Cloud or design new ones for AWS exclusively?

With concrete examples and new techniques this presentation will explore “full stack” vulnerabilities and their effect on security and how they create new pitfalls when migrating to and operating in an AWS world. From the simple (checking in your AWS credentials to github or embedding them in your app) the unexpected (XXE injection to expose AWS metadata), to the unintended (data leakage and service exposure to other AWS customers and 3rd party cloud management services). Many examples will be shared along side new techniques showing how easy it is to expose your applications and infrastructure to attack through misunderstanding, ignorance or bad actors.

To address these challenges this presentation will also reveal and demonstrate a free tool we have designed to assess full stack AWS applications, map out the interactions between infrastructure and code and help individuals and organizations get clarity and bring a machete to the Amazon Cloud.


Erik Peterson

Director of Technology Strategy, Veracode
Erik Peterson is the Director of Technology Strategy for Veracode with 17 years of security industry experience, including senior leadership and technology roles for HP, SPI Dynamics, GuardedNet and Sanctum. Erik has also held InfoSec roles at Moody’s and SunTrust Bank and IT... Read More →

Friday September 19, 2014 9:30am - 10:15am MDT
Colorado Ballroom E [Defenders] Denver Marriott City Center