SlideShare ist ein Scribd-Unternehmen logo

Aws(in)security - the devil is in the detail

Als PPTX, PDF herunterladen
Pawel Rzepa
Pawel Rzepa

Presentation about most common fails related with AWS S3 and EC2 services

Technologie
1 von 33
AWS (in)security - the devil is in the detail Paweł Rzepa 16.11.2017
• Senior Security Consultant in SecuRing • OWASP member: • Helping arrange meetups in Wroclaw • Contributor in OWASP MSTG project • OSCP, eMAPT holder • @Rzepsky Who am I
1. Intro to cloud technology 2. S3 leaks 3. Access keys leaks 4. New life of old vulns in cloud 5. Final recommendations Agenda
Main indicators*: • On-demand self-service • Broad network access • Resource pooling • Rapid elasticity • Measured Service * - based on https://www.nist.gov/sites/default/files/documents/itl/cloud/cloud-def-v15.pdf What the heck is cloud?!
AWS – a perfect scalable solution
• Amazon Web Services (AWS) – cloud solution provider • Identity and Access Management (IAM) – a service for controlling access to AWS resources • Simple Storage Service (S3) – storage service through web services • Bucket – a container to store objects via S3 service • Amazon Elastic Compute Cloud (EC2) – a service allowing users to rent a virtual machine instance Terms we’re going to use today
AWS Share responsibility model Source: https://s3-us-west-2.amazonaws.com/cloudtechnologyexperts/wp-content/uploads/2017/07/08152141/shared-model-21.png
Source: https://www.theregister.co.uk/2017/08/17/chicago_voter_leak/
7% of all S3 buckets have unrestricted public access* * - based on https://www.skyhighnetworks.com/cloud-security-blog/verizon-data-breach-two-easy-steps-to-prevent-aws-s3-leaks/
https://[bucketname].s3.amazonaws.com DIY, with AWSBucketDump: S3 – how hard is to find a bucket?
…but remember: Internet never forgets
Demo time!
Yet Another S3 Bucket Leak Source: https://github.com/petermbenjamin/YAS3BL
Ask the audience
Story details: https://blog.sentry.io/2016/06/14/security-incident-june-12-2016
By default accounts are restricted from accessing S3 unless they have been given access via policy. However, S3 is designed by default to allow any IP address access. So to block IP's you would have to specify denies explicitly in the policy instead of allows. Setting AWS policies can be tricky
Setting AWS policies can be tricky
Demo time!
• Restrict access to your data, via:  ACLs,  IAM policies,  bucket policies. • Whitelist IPs • Test your policies (you may find helpful aws-extender-cli) • Always refer to object (download/upload) using encryption Lesson learned
Story details: https://www.infoworld.com/article/2608076/data-center/murder-in-the-amazon-cloud.html
Story details: https://www.olindata.com/en/blog/2017/04/spending-100k-usd-45-days-amazon-web-services
Bots never sleep
Passwords vs Access Keys Source: https://www.blackhat.com/docs/us-16/materials/us-16-Simon-Access-Keys-Will-Kill-You-Before-You-Kill-The-Password.pdf
• GitHub/Pastebin/etc. • Configuration files • ~/.aws/credentials Access keys – where to look for?
• Delete root user’s access keys and define IAM roles • Enforce usage of Multi-Factor Authentication (you may find helpful AWS-recipes) • Rotate keys • Create an access keys management process • Use Cloud Trail • Set Billing Alarm (e.g. notify me when the bill is over x$) Lesson learned
• Some vulns can be much more dangerous in cloud:  CWE-200: Information Exposure  CWE-441: Unintended Proxy or Intermediary  CWE-611: XXE  CWE-918: SSRF …because any of them may reveal your metadata. Old vulns gain new life
SSRF in practice Source: https://www.netsparker.com/statics/img/blogposts/exploiting_ssrf_vulnerability.png
Stories from HackerOne SSRF reported, but marked as “Won’t fix”, because the risk was marked as very low. 08.03.2015 Bounty granted: 0$ Bounty granted: 300$ Same bug reported, but this time pointing to exposure of “meta-data”. 23.03.2015
• Data about your instance: • Accessible only from within the instance itself via link: http://169.254.169.254/latest/meta-data/ What is “meta-data”
Demo time!
 Restrict access to your data (ACLs, bucket policies, IAM roles)  Whitelist IPs  Use encryption for data in transit  Define IAM roles  Use MFA for each role  Rotate access keys  Create an access keys management process Sum up
 Use CloudTrail  Set alerts  And above all: Sum up
Pawel.Rzepa@securing.pl Thank you, Contact me:

Empfohlen

The 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityThe 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityAmazon Web Services
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)Julien SIMON
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAmazon Web Services
 
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksCloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWS Protecting Your Data in AWS
Protecting Your Data in AWS Amazon Web Services
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security UpdateAmazon Web Services
 
Controlling Access to your Resources
Controlling Access to your ResourcesControlling Access to your Resources
Controlling Access to your ResourcesAmazon Web Services
 

Empfohlen

The 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityThe 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityAmazon Web Services
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)Julien SIMON
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAmazon Web Services
 
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksCloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWS Protecting Your Data in AWS
Protecting Your Data in AWS Amazon Web Services
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security UpdateAmazon Web Services
 
Controlling Access to your Resources
Controlling Access to your ResourcesControlling Access to your Resources
Controlling Access to your ResourcesAmazon Web Services
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 
Introduction of AWS KMS
Introduction of AWS KMSIntroduction of AWS KMS
Introduction of AWS KMSRicardo Schmidt
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...Amazon Web Services
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at Okta(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at OktaAmazon Web Services
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security FundamentalsAmazon Web Services
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Amazon Web Services
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
 
Using AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsUsing AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsAmazon Web Services
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
 
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3Amazon Web Services
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at RestAmazon Web Services
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
 
Practical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSPractical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
[Wroclaw #7] AWS (in)security - the devil is in the detail
[Wroclaw #7] AWS (in)security - the devil is in the detail[Wroclaw #7] AWS (in)security - the devil is in the detail
[Wroclaw #7] AWS (in)security - the devil is in the detailOWASP
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & ComplianceAmazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...Amazon Web Services
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at Okta(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at OktaAmazon Web Services
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Amazon Web Services
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
 
Using AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsUsing AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsAmazon Web Services
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
 
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3Amazon Web Services
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at RestAmazon Web Services
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
 
Practical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSPractical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSAmazon Web Services
 

Was ist angesagt? (20)

Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWS
 
Introduction of AWS KMS
Introduction of AWS KMSIntroduction of AWS KMS
Introduction of AWS KMS
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at Okta(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at Okta
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise
 
Using AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsUsing AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure Workloads
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
 
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at Rest
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat Response
 
Practical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSPractical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWS
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 

Ähnlich wie Aws(in)security - the devil is in the detail

[Wroclaw #7] AWS (in)security - the devil is in the detail
[Wroclaw #7] AWS (in)security - the devil is in the detail[Wroclaw #7] AWS (in)security - the devil is in the detail
[Wroclaw #7] AWS (in)security - the devil is in the detailOWASP
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security Amazon Web Services
 
AWS Summit Auckland 2014 | Black Belt Tips on AWS
AWS Summit Auckland 2014 | Black Belt Tips on AWS AWS Summit Auckland 2014 | Black Belt Tips on AWS
AWS Summit Auckland 2014 | Black Belt Tips on AWS Amazon Web Services
 
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS Amazon Web Services
 
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOpsIn the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOpsGarth Boyd
 
Aws Solution Architecture Associate - summary
Aws Solution Architecture Associate - summaryAws Solution Architecture Associate - summary
Aws Solution Architecture Associate - summaryonoffshake
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_awssaifam
 
Practical Steps to Hackproofing AWS
Practical Steps to Hackproofing AWSPractical Steps to Hackproofing AWS
Practical Steps to Hackproofing AWSAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityLalitMohanSharma8
 
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...Amazon Web Services
 
Owning aws infrastructure services
Owning aws infrastructure servicesOwning aws infrastructure services
Owning aws infrastructure servicesSuraj Khetani
 
Cloudifying your Security Operations on AWS
Cloudifying your Security Operations on AWSCloudifying your Security Operations on AWS
Cloudifying your Security Operations on AWSCloudHesive
 
Moving Quickly with Data Services in the Cloud
Moving Quickly with Data Services in the CloudMoving Quickly with Data Services in the Cloud
Moving Quickly with Data Services in the CloudMatthew Dimich
 
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014Amazon Web Services
 
So you think you are an aws ninja dean samuels
So you think you are an aws ninja dean samuelsSo you think you are an aws ninja dean samuels
So you think you are an aws ninja dean samuelsAmazon Web Services
 

Ähnlich wie Aws(in)security - the devil is in the detail (20)

[Wroclaw #7] AWS (in)security - the devil is in the detail
[Wroclaw #7] AWS (in)security - the devil is in the detail[Wroclaw #7] AWS (in)security - the devil is in the detail
[Wroclaw #7] AWS (in)security - the devil is in the detail
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security
 
AWS Summit Auckland 2014 | Black Belt Tips on AWS
AWS Summit Auckland 2014 | Black Belt Tips on AWS AWS Summit Auckland 2014 | Black Belt Tips on AWS
AWS Summit Auckland 2014 | Black Belt Tips on AWS
 
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
 
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOpsIn the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
 
Aws Solution Architecture Associate - summary
Aws Solution Architecture Associate - summaryAws Solution Architecture Associate - summary
Aws Solution Architecture Associate - summary
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_aws
 
AWS Black Belt Tips
AWS Black Belt TipsAWS Black Belt Tips
AWS Black Belt Tips
 
AWS Black Belt Tips
AWS Black Belt TipsAWS Black Belt Tips
AWS Black Belt Tips
 
Practical Steps to Hackproofing AWS
Practical Steps to Hackproofing AWSPractical Steps to Hackproofing AWS
Practical Steps to Hackproofing AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
 
Owning aws infrastructure services
Owning aws infrastructure servicesOwning aws infrastructure services
Owning aws infrastructure services
 
Cloudifying your Security Operations on AWS
Cloudifying your Security Operations on AWSCloudifying your Security Operations on AWS
Cloudifying your Security Operations on AWS
 
Moving Quickly with Data Services in the Cloud
Moving Quickly with Data Services in the CloudMoving Quickly with Data Services in the Cloud
Moving Quickly with Data Services in the Cloud
 
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
 
So you think you are an aws ninja dean samuels
So you think you are an aws ninja dean samuelsSo you think you are an aws ninja dean samuels
So you think you are an aws ninja dean samuels
 

Mehr von Pawel Rzepa

Attacking aws workshops - teaser
Attacking aws workshops - teaserAttacking aws workshops - teaser
Attacking aws workshops - teaserPawel Rzepa
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestPawel Rzepa
 
Owasp for testing_mobile_apps_opd
Owasp for testing_mobile_apps_opdOwasp for testing_mobile_apps_opd
Owasp for testing_mobile_apps_opdPawel Rzepa
 
Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsPawel Rzepa
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10Pawel Rzepa
 
Ataki po stronie klienta w publicznych punktach dostępowych
Ataki po stronie klienta w publicznych punktach dostępowychAtaki po stronie klienta w publicznych punktach dostępowych
Ataki po stronie klienta w publicznych punktach dostępowychPawel Rzepa
 

Mehr von Pawel Rzepa (6)

Attacking aws workshops - teaser
Attacking aws workshops - teaserAttacking aws workshops - teaser
Attacking aws workshops - teaser
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
 
Owasp for testing_mobile_apps_opd
Owasp for testing_mobile_apps_opdOwasp for testing_mobile_apps_opd
Owasp for testing_mobile_apps_opd
 
Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugs
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10
 
Ataki po stronie klienta w publicznych punktach dostępowych
Ataki po stronie klienta w publicznych punktach dostępowychAtaki po stronie klienta w publicznych punktach dostępowych
Ataki po stronie klienta w publicznych punktach dostępowych
 

Kürzlich hochgeladen

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 

Kürzlich hochgeladen (20)

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 

Aws(in)security - the devil is in the detail