SlideShare ist ein Scribd-Unternehmen logo

AWS security - NULL meet chennai

Als PPTX, PDF herunterladen
vinoth kumar
vinoth kumar

At the end of this presentation, audience will be aware of the following topics. 1. Introduction to AWS 2. Accessing AWS console via cli. 3. Launching and logging into an EC2 instance 4. Creating a S3 bucket and uploading an image. 5. Security misconfigurations in S3 bucket. 6. Subdomain takeover via S3 bucket. 7. Hardcoded AWS credentials in github. 8. Aasna AWS credentials leak using pixel flood attack 9. Murder in the cloud - Codespace hack

Technologie
1 von 15
AWS Security n|u - The Open security community Chennai Meet Presenter : Vinoth Kumar Date : 18/03/2017
# About Me Application security engineer @ Freshdesk Blogger @ http://www.tutorgeeks.net Email @ vinothpkumar333@gmail.com https://null.co.in/profile/294-vinothpkumar
What is AWS Amazon Web Services (AWS) is a “secure“ cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow. Getting started with AWS Create an account in AWS and start playing with their services - https://aws.amazon.com/free/ Valid Credit card is required for account creation.
AWS Services Amazon Elastic Compute - EC2 Amazon Simple Storage Service - S3 Amazon Relational Database Service - RDS Amazon CloudFront - CDN
Why AWS No need for a Infrastructure capability - Cost saved No need for more employee resources - Cost saved Helps in obtaining industry certifications like ISO 270001, etc in ease - Less tension :)
Accessing AWS using CLI The AWS Command Line Interface is a unified tool to manage your AWS services. pip install awscli cd <path_to_awscli> python setup.py install aws configure AWS Access Key ID: ←----------------------> AWS Secret Access Key: ←----------------------> Default region name [us-west-2]: us-west-2 Default output format [None]: json https://aws.amazon.com/cli/
AWS S3 - Internet’s hard drive is down AWS S3 service was down on Feb28th. What exactly happened? Human Error - Accidentally deleted 2 main servers supporting S3 operation. S3 outage affected other AWS services like ELB, IOT etc., which depends on S3.
EC2 Instance IP disclosure 1. Send a GET request to example.com 2. Change the HTTP version from 1.1 to 1.0 3. Remove the HOST header. ( Since HTTP 1.0 doesn’t require a HOST header. Source - Web application hacker’s handbook ) 4. Add a traversal attack ( GET /.. ) and forward the request. 5. Observe the IP being disclosed in the location header.
S3 Bucket Misconfiguration “bucketname.s3-ap-southeast-1.amazonaws.com” Vulnerability : “Write access to any AWS Authenticated user” Vinoth:~ aws s3 mv malicious.bat s3://bucketname move. ./malicious.bat s3://bucketname/malicious.exe The issue has been reported and it is fixed. Vinoth:~ vinoth$ aws s3 mv demo.txt s3://bucketname move failed: ./demo.txt to s3://bucketname/demo.txt An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
S3 Bucket - Subdomain takeover Enumerate the subdomains. It’s not so difficult to hit this command - knockpy example.com Keep an eye for the following error messages while viewing the subdomains - “No such bucket” / “Bucket doesn’t exist” Investigate the subdomain - dig / nslookup subdomain.example.com subdomain.example.com CNAME “bucketname.s3.amazonaws.com” Create the above bucket in your AWS and host your subdomain takeover page. Now “subdomain.example.com” will show your hosted page.
Asana - AWS key disclosure Uploaded 65000x65000 pixel image in the profile picture. S3 Bucket couldn’t accommodate the huge pixel image. Error message is shown along with AWS Access and Secret key. Bounty awarded : 500 USD https://molico.tomahock.com/lottapixel-my-first-500-bounty-d3e678da1861#.88buoaod6
AWS Keys Exposed Developers by mistake hardcode their AWS credentials in github. https://gitleaks.com/search?q=AWS
Murder in the cloud Code space - AWS Root credentials were hacked. Attacker asked for Ransom - Code Space refused. Attacker got frustrated and deleted their AWS account. Unfortunately, their backup data was also stored in their AWS account. Codespace was shut down completely. No means of retrieving the data. Key takeaways : Have offsite backup. http://www.infoworld.com/article/2608076/data-center/murder-in-the-amazon-cloud.html
Resources for Learning AWS Security https://aws.amazon.com/blogs/security/ - Official AWS security blog. http://flaws.cloud - CTF Challenge to learn AWS security. https://www.slideshare.net/search/slideshow?searchfrom=header&q=AWS+Security
AWS security - NULL meet chennai

Empfohlen

(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014Amazon Web Services
 
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013Amazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive Amazon Web Services
 
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
 
Amazon AWS Free-Tier
Amazon AWS Free-TierAmazon AWS Free-Tier
Amazon AWS Free-TierThanh Nguyen
 
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014Amazon Web Services
 
AWS re:Invent 2016: The Secret to SaaS (Hint: It's Identity) (GPSSI404)
AWS re:Invent 2016: The Secret to SaaS (Hint: It's Identity) (GPSSI404)AWS re:Invent 2016: The Secret to SaaS (Hint: It's Identity) (GPSSI404)
AWS re:Invent 2016: The Secret to SaaS (Hint: It's Identity) (GPSSI404)Amazon Web Services
 

Empfohlen

(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014Amazon Web Services
 
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013Amazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive Amazon Web Services
 
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
 
Amazon AWS Free-Tier
Amazon AWS Free-TierAmazon AWS Free-Tier
Amazon AWS Free-TierThanh Nguyen
 
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014Amazon Web Services
 
AWS re:Invent 2016: The Secret to SaaS (Hint: It's Identity) (GPSSI404)
AWS re:Invent 2016: The Secret to SaaS (Hint: It's Identity) (GPSSI404)AWS re:Invent 2016: The Secret to SaaS (Hint: It's Identity) (GPSSI404)
AWS re:Invent 2016: The Secret to SaaS (Hint: It's Identity) (GPSSI404)Amazon Web Services
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Amazon Web Services
 
Serverless security: defense against the dark arts
Serverless security: defense against the dark artsServerless security: defense against the dark arts
Serverless security: defense against the dark artsYan Cui
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAmazon Web Services
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the CloudAmazon Web Services
 
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...Amazon Web Services
 
Amazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security ProcessesAmazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security Processeswhite paper
 
Federation
FederationFederation
FederationAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityJohn Varghese
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day Amazon Web Services
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile DevelopersAmazon Web Services
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...Amazon Web Services
 
(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep DiveAmazon Web Services
 
Addressing Amazon Inspector Assessment Findings - September 2016 Webinar Series
Addressing Amazon Inspector Assessment Findings - September 2016 Webinar SeriesAddressing Amazon Inspector Assessment Findings - September 2016 Webinar Series
Addressing Amazon Inspector Assessment Findings - September 2016 Webinar SeriesAmazon Web Services
 
February 2016 Webinar Series - Introducing VPC Support for AWS Lambda
February 2016 Webinar Series - Introducing VPC Support for AWS LambdaFebruary 2016 Webinar Series - Introducing VPC Support for AWS Lambda
February 2016 Webinar Series - Introducing VPC Support for AWS LambdaAmazon Web Services
 
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...Amazon Web Services
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaChris Farris
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
Practical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSPractical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSAmazon Web Services
 
Intro To Serverless Architectures
Intro To Serverless ArchitecturesIntro To Serverless Architectures
Intro To Serverless ArchitecturesAdi Challa
 
Introduction to Bigdata and HADOOP
Introduction to Bigdata and HADOOP Introduction to Bigdata and HADOOP
Introduction to Bigdata and HADOOP vinoth kumar
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 

Weitere ähnliche Inhalte

Was ist angesagt?

Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Amazon Web Services
 
Serverless security: defense against the dark arts
Serverless security: defense against the dark artsServerless security: defense against the dark arts
Serverless security: defense against the dark artsYan Cui
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAmazon Web Services
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the CloudAmazon Web Services
 
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...Amazon Web Services
 
Amazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security ProcessesAmazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security Processeswhite paper
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityJohn Varghese
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day Amazon Web Services
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile DevelopersAmazon Web Services
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...Amazon Web Services
 
(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep DiveAmazon Web Services
 
Addressing Amazon Inspector Assessment Findings - September 2016 Webinar Series
Addressing Amazon Inspector Assessment Findings - September 2016 Webinar SeriesAddressing Amazon Inspector Assessment Findings - September 2016 Webinar Series
Addressing Amazon Inspector Assessment Findings - September 2016 Webinar SeriesAmazon Web Services
 
February 2016 Webinar Series - Introducing VPC Support for AWS Lambda
February 2016 Webinar Series - Introducing VPC Support for AWS LambdaFebruary 2016 Webinar Series - Introducing VPC Support for AWS Lambda
February 2016 Webinar Series - Introducing VPC Support for AWS LambdaAmazon Web Services
 
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...Amazon Web Services
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaChris Farris
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
Practical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSPractical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSAmazon Web Services
 
Intro To Serverless Architectures
Intro To Serverless ArchitecturesIntro To Serverless Architectures
Intro To Serverless ArchitecturesAdi Challa
 

Was ist angesagt? (20)

Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
 
Serverless security: defense against the dark arts
Serverless security: defense against the dark artsServerless security: defense against the dark arts
Serverless security: defense against the dark arts
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices Masterclass
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
 
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
 
Amazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security ProcessesAmazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security Processes
 
Federation
FederationFederation
Federation
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills security
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile Developers
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
 
(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive
 
Addressing Amazon Inspector Assessment Findings - September 2016 Webinar Series
Addressing Amazon Inspector Assessment Findings - September 2016 Webinar SeriesAddressing Amazon Inspector Assessment Findings - September 2016 Webinar Series
Addressing Amazon Inspector Assessment Findings - September 2016 Webinar Series
 
February 2016 Webinar Series - Introducing VPC Support for AWS Lambda
February 2016 Webinar Series - Introducing VPC Support for AWS LambdaFebruary 2016 Webinar Series - Introducing VPC Support for AWS Lambda
February 2016 Webinar Series - Introducing VPC Support for AWS Lambda
 
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit Atlanta
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
Practical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSPractical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWS
 
Intro To Serverless Architectures
Intro To Serverless ArchitecturesIntro To Serverless Architectures
Intro To Serverless Architectures
 

Andere mochten auch

Introduction to Bigdata and HADOOP
Introduction to Bigdata and HADOOP Introduction to Bigdata and HADOOP
Introduction to Bigdata and HADOOP vinoth kumar
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 
Implementing Your Own Chatbot Platform!
Implementing Your Own Chatbot Platform!Implementing Your Own Chatbot Platform!
Implementing Your Own Chatbot Platform!Oracle Developers
 
AWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's PerspectiveAWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's PerspectiveJason Chan
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”Amazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Riyaz Walikar
 
Guardaviñas Marzo 2017
Guardaviñas Marzo 2017Guardaviñas Marzo 2017
Guardaviñas Marzo 2017Gon-cruz
 
DEALING WITH HARASSMENT AND DISCRIMINATION- ETHICS
DEALING WITH HARASSMENT AND DISCRIMINATION- ETHICSDEALING WITH HARASSMENT AND DISCRIMINATION- ETHICS
DEALING WITH HARASSMENT AND DISCRIMINATION- ETHICSRubina Sumalde
 
Family-friendly practices at Finnish workplaces in 2014 and in 2015
Family-friendly practices at Finnish workplaces in 2014 and in 2015Family-friendly practices at Finnish workplaces in 2014 and in 2015
Family-friendly practices at Finnish workplaces in 2014 and in 2015Työterveyslaitos
 
Les taxonomies, un système flexible et puissant - WordCamp Bordeaux 2017
Les taxonomies, un système flexible et puissant - WordCamp Bordeaux 2017Les taxonomies, un système flexible et puissant - WordCamp Bordeaux 2017
Les taxonomies, un système flexible et puissant - WordCamp Bordeaux 2017Frédéric Demarle
 
Konversio optimointi
Konversio optimointiKonversio optimointi
Konversio optimointiJani Aaltonen
 
eTapas erstellen - kann ich das auch?
eTapas erstellen - kann ich das auch?eTapas erstellen - kann ich das auch?
eTapas erstellen - kann ich das auch?Robert Schrenk
 
Introducing DocumentDB
Introducing DocumentDB Introducing DocumentDB
Introducing DocumentDB James Serra
 

Andere mochten auch (20)

Introduction to Bigdata and HADOOP
Introduction to Bigdata and HADOOP Introduction to Bigdata and HADOOP
Introduction to Bigdata and HADOOP
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 
Implementing Your Own Chatbot Platform!
Implementing Your Own Chatbot Platform!Implementing Your Own Chatbot Platform!
Implementing Your Own Chatbot Platform!
 
AWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's PerspectiveAWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's Perspective
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”
 
Shared Security in AWS
Shared Security in AWSShared Security in AWS
Shared Security in AWS
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
 
Intro to AWS Security
Intro to AWS SecurityIntro to AWS Security
Intro to AWS Security
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638
 
[FOSSASIA 2017] Nico-Tech, Tech for fun community and culture in Japan
[FOSSASIA 2017] Nico-Tech, Tech for fun community and culture in Japan[FOSSASIA 2017] Nico-Tech, Tech for fun community and culture in Japan
[FOSSASIA 2017] Nico-Tech, Tech for fun community and culture in Japan
 
Guardaviñas Marzo 2017
Guardaviñas Marzo 2017Guardaviñas Marzo 2017
Guardaviñas Marzo 2017
 
Introduzione a Wikipedia
Introduzione a WikipediaIntroduzione a Wikipedia
Introduzione a Wikipedia
 
Standartu loma tehniskās dokumentācijas sagatavošanā
Standartu loma tehniskās dokumentācijas sagatavošanāStandartu loma tehniskās dokumentācijas sagatavošanā
Standartu loma tehniskās dokumentācijas sagatavošanā
 
DEALING WITH HARASSMENT AND DISCRIMINATION- ETHICS
DEALING WITH HARASSMENT AND DISCRIMINATION- ETHICSDEALING WITH HARASSMENT AND DISCRIMINATION- ETHICS
DEALING WITH HARASSMENT AND DISCRIMINATION- ETHICS
 
Family-friendly practices at Finnish workplaces in 2014 and in 2015
Family-friendly practices at Finnish workplaces in 2014 and in 2015Family-friendly practices at Finnish workplaces in 2014 and in 2015
Family-friendly practices at Finnish workplaces in 2014 and in 2015
 
Les taxonomies, un système flexible et puissant - WordCamp Bordeaux 2017
Les taxonomies, un système flexible et puissant - WordCamp Bordeaux 2017Les taxonomies, un système flexible et puissant - WordCamp Bordeaux 2017
Les taxonomies, un système flexible et puissant - WordCamp Bordeaux 2017
 
Konversio optimointi
Konversio optimointiKonversio optimointi
Konversio optimointi
 
eTapas erstellen - kann ich das auch?
eTapas erstellen - kann ich das auch?eTapas erstellen - kann ich das auch?
eTapas erstellen - kann ich das auch?
 
Introducing DocumentDB
Introducing DocumentDB Introducing DocumentDB
Introducing DocumentDB
 

Ähnlich wie AWS security - NULL meet chennai

윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션Amazon Web Services Korea
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Amazon Web Services
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Amazon Web Services
 
How to implement data encryption at rest in compliance with enterprise requir...
How to implement data encryption at rest in compliance with enterprise requir...How to implement data encryption at rest in compliance with enterprise requir...
How to implement data encryption at rest in compliance with enterprise requir...Steffen Mazanek
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Amazon Web Services
 
AWS Cyber Security Best Practices
AWS Cyber Security Best PracticesAWS Cyber Security Best Practices
AWS Cyber Security Best PracticesDoiT International
 
Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214Amazon Web Services
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Jay Zarfoss
 
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...Amazon Web Services
 
AWS Black Belt Tips for IT Operations
AWS Black Belt Tips for IT OperationsAWS Black Belt Tips for IT Operations
AWS Black Belt Tips for IT OperationsAmazon Web Services
 
Serverless architecture with AWS Lambda (June 2016)
Serverless architecture with AWS Lambda (June 2016)Serverless architecture with AWS Lambda (June 2016)
Serverless architecture with AWS Lambda (June 2016)Julien SIMON
 
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...Vladimir Samoylov
 
Best Practices for Security at Scale
Best Practices for Security at Scale Best Practices for Security at Scale
Best Practices for Security at Scale Amazon Web Services
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS Amazon Web Services
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
 

Ähnlich wie AWS security - NULL meet chennai (20)

Sec301 Security @ (Cloud) Scale
Sec301 Security @ (Cloud) ScaleSec301 Security @ (Cloud) Scale
Sec301 Security @ (Cloud) Scale
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
 
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
 
How to implement data encryption at rest in compliance with enterprise requir...
How to implement data encryption at rest in compliance with enterprise requir...How to implement data encryption at rest in compliance with enterprise requir...
How to implement data encryption at rest in compliance with enterprise requir...
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
 
AWS Cyber Security Best Practices
AWS Cyber Security Best PracticesAWS Cyber Security Best Practices
AWS Cyber Security Best Practices
 
Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013
 
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
 
AWS Black Belt Tips for IT Operations
AWS Black Belt Tips for IT OperationsAWS Black Belt Tips for IT Operations
AWS Black Belt Tips for IT Operations
 
Aws security Fundamentals
Aws security Fundamentals Aws security Fundamentals
Aws security Fundamentals
 
AWS Serverless Workshop
AWS Serverless WorkshopAWS Serverless Workshop
AWS Serverless Workshop
 
Serverless architecture with AWS Lambda (June 2016)
Serverless architecture with AWS Lambda (June 2016)Serverless architecture with AWS Lambda (June 2016)
Serverless architecture with AWS Lambda (June 2016)
 
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
 
Advanced AWS Security Workshop
Advanced AWS Security WorkshopAdvanced AWS Security Workshop
Advanced AWS Security Workshop
 
Best Practices for Security at Scale
Best Practices for Security at Scale Best Practices for Security at Scale
Best Practices for Security at Scale
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
 

Mehr von vinoth kumar

G suite misconfigurations- Null meet, Chennai
G suite misconfigurations- Null meet, ChennaiG suite misconfigurations- Null meet, Chennai
G suite misconfigurations- Null meet, Chennaivinoth kumar
 
Github security bug bounty hunting
Github security bug bounty huntingGithub security bug bounty hunting
Github security bug bounty huntingvinoth kumar
 
Oauth 2.0 security
Oauth 2.0 securityOauth 2.0 security
Oauth 2.0 securityvinoth kumar
 
Securing your vpc in aws
Securing your vpc in awsSecuring your vpc in aws
Securing your vpc in awsvinoth kumar
 
Yet another talk on bug bounty
Yet another talk on bug bountyYet another talk on bug bounty
Yet another talk on bug bountyvinoth kumar
 
API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meetvinoth kumar
 

Mehr von vinoth kumar (6)

G suite misconfigurations- Null meet, Chennai
G suite misconfigurations- Null meet, ChennaiG suite misconfigurations- Null meet, Chennai
G suite misconfigurations- Null meet, Chennai
 
Github security bug bounty hunting
Github security bug bounty huntingGithub security bug bounty hunting
Github security bug bounty hunting
 
Oauth 2.0 security
Oauth 2.0 securityOauth 2.0 security
Oauth 2.0 security
 
Securing your vpc in aws
Securing your vpc in awsSecuring your vpc in aws
Securing your vpc in aws
 
Yet another talk on bug bounty
Yet another talk on bug bountyYet another talk on bug bounty
Yet another talk on bug bounty
 
API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meet
 

Kürzlich hochgeladen

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 

AWS security - NULL meet chennai

  • 1. AWS Security n|u - The Open security community Chennai Meet Presenter : Vinoth Kumar Date : 18/03/2017
  • 2. # About Me Application security engineer @ Freshdesk Blogger @ http://www.tutorgeeks.net Email @ vinothpkumar333@gmail.com https://null.co.in/profile/294-vinothpkumar
  • 3. What is AWS Amazon Web Services (AWS) is a “secure“ cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow. Getting started with AWS Create an account in AWS and start playing with their services - https://aws.amazon.com/free/ Valid Credit card is required for account creation.
  • 4. AWS Services Amazon Elastic Compute - EC2 Amazon Simple Storage Service - S3 Amazon Relational Database Service - RDS Amazon CloudFront - CDN
  • 5. Why AWS No need for a Infrastructure capability - Cost saved No need for more employee resources - Cost saved Helps in obtaining industry certifications like ISO 270001, etc in ease - Less tension :)
  • 6. Accessing AWS using CLI The AWS Command Line Interface is a unified tool to manage your AWS services. pip install awscli cd <path_to_awscli> python setup.py install aws configure AWS Access Key ID: ←----------------------> AWS Secret Access Key: ←----------------------> Default region name [us-west-2]: us-west-2 Default output format [None]: json https://aws.amazon.com/cli/
  • 7. AWS S3 - Internet’s hard drive is down AWS S3 service was down on Feb28th. What exactly happened? Human Error - Accidentally deleted 2 main servers supporting S3 operation. S3 outage affected other AWS services like ELB, IOT etc., which depends on S3.
  • 8. EC2 Instance IP disclosure 1. Send a GET request to example.com 2. Change the HTTP version from 1.1 to 1.0 3. Remove the HOST header. ( Since HTTP 1.0 doesn’t require a HOST header. Source - Web application hacker’s handbook ) 4. Add a traversal attack ( GET /.. ) and forward the request. 5. Observe the IP being disclosed in the location header.
  • 9. S3 Bucket Misconfiguration “bucketname.s3-ap-southeast-1.amazonaws.com” Vulnerability : “Write access to any AWS Authenticated user” Vinoth:~ aws s3 mv malicious.bat s3://bucketname move. ./malicious.bat s3://bucketname/malicious.exe The issue has been reported and it is fixed. Vinoth:~ vinoth$ aws s3 mv demo.txt s3://bucketname move failed: ./demo.txt to s3://bucketname/demo.txt An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
  • 10. S3 Bucket - Subdomain takeover Enumerate the subdomains. It’s not so difficult to hit this command - knockpy example.com Keep an eye for the following error messages while viewing the subdomains - “No such bucket” / “Bucket doesn’t exist” Investigate the subdomain - dig / nslookup subdomain.example.com subdomain.example.com CNAME “bucketname.s3.amazonaws.com” Create the above bucket in your AWS and host your subdomain takeover page. Now “subdomain.example.com” will show your hosted page.
  • 11. Asana - AWS key disclosure Uploaded 65000x65000 pixel image in the profile picture. S3 Bucket couldn’t accommodate the huge pixel image. Error message is shown along with AWS Access and Secret key. Bounty awarded : 500 USD https://molico.tomahock.com/lottapixel-my-first-500-bounty-d3e678da1861#.88buoaod6
  • 12. AWS Keys Exposed Developers by mistake hardcode their AWS credentials in github. https://gitleaks.com/search?q=AWS
  • 13. Murder in the cloud Code space - AWS Root credentials were hacked. Attacker asked for Ransom - Code Space refused. Attacker got frustrated and deleted their AWS account. Unfortunately, their backup data was also stored in their AWS account. Codespace was shut down completely. No means of retrieving the data. Key takeaways : Have offsite backup. http://www.infoworld.com/article/2608076/data-center/murder-in-the-amazon-cloud.html
  • 14. Resources for Learning AWS Security https://aws.amazon.com/blogs/security/ - Official AWS security blog. http://flaws.cloud - CTF Challenge to learn AWS security. https://www.slideshare.net/search/slideshow?searchfrom=header&q=AWS+Security