This webinar covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.

 

Key Discussion Points

  • Understanding current cloud threats landscape
  • Reviewing cloud attack vectors
  • Recent examples of cloud security incidents
  • Prioritize cloud security efforts

 

About Speaker

Moshe Ferber (Cloud Security Expert, Frequent Speaker at Defcon, Blackhat, RSAC APJ). Moshe served as high ranking manager in large corporations, founder of innovative startups, frequent lecturer at cyber conferences and major contributor to various cloud education programs and certifications.

 

(Webinar) Recorded

 

Discussion Highlights

1. CSA relevant publications

b1.jpg?profile=RESIZE_710x

 

2.  IaaS/PaaS

  • SaaS - Evaluate our providers correctly
  • PaaS - Very hard to provide best practices
  • IaaS - Gain the expertise for building secure applications

 

3. Exploitable workloads

  • Atlassian Confluence servers hacked via Zero-Day Vulnerability
  • Hildegard new team TNT Cryptojacking Malware targeting Kubernetes

 

4. Workloads with excessive permissions

  • A hacker gained access to 100 million capital one credit card applications and accounts
  • The attack on ONUS - areal life case of the Log4shell vulnerability

 

5. Unsecured keys, credentials, and application secrets

  • Samsung spilled smart things app source code and secret keys
  • CIrcle CI says hackers stole encryption keys and customers secrets

 

6. Exploitable authentication or authorization

b2.jpg?profile=RESIZE_710x

 

 

7. Unauthorized access to object storage

b3.jpg?profile=RESIZE_710x

 

 

8. Third party cross environment/account access leading to privilege escalation

b4.jpg?profile=RESIZE_710x

 

(PPT) Presentation From The Discussion

 

 

 

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform