Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, September 19 • 9:30am - 10:15am
Bringing a Machete to the Amazon

Sign up or log in to save this to your schedule and see who's attending!

Amazon Web Services (AWS) is billed as an amazingly secure and resilient cloud services provider, but what is the reality once you look past that pristine environment and the manicured forests give way to dark jungle as you start to migrate existing applications to the AWS Cloud or design new ones for AWS exclusively?

With concrete examples and new techniques this presentation will explore “full stack” vulnerabilities and their effect on security and how they create new pitfalls when migrating to and operating in an AWS world. From the simple (checking in your AWS credentials to github or embedding them in your app) the unexpected (XXE injection to expose AWS metadata), to the unintended (data leakage and service exposure to other AWS customers and 3rd party cloud management services). Many examples will be shared along side new techniques showing how easy it is to expose your applications and infrastructure to attack through misunderstanding, ignorance or bad actors.

To address these challenges this presentation will also reveal and demonstrate a free tool we have designed to assess full stack AWS applications, map out the interactions between infrastructure and code and help individuals and organizations get clarity and bring a machete to the Amazon Cloud.

Speakers
EP

Erik Peterson

Director of Technology Strategy, Veracode
Erik Peterson is the Director of Technology Strategy for Veracode with 17 years of security industry experience, including senior leadership and technology roles for HP, SPI Dynamics, GuardedNet and Sanctum. | | Erik has also held InfoSec roles at Moody’s and SunTrust Bank and IT roles for the U.S. Embassy in Vienna, Austria and the UN IAEA. Erik has spoken at numerous events including Security BSides, OWASP, ISSA, InfraGard and ISACA... Read More →



Friday September 19, 2014 9:30am - 10:15am
Colorado Ballroom E [Defenders] Denver Marriott City Center