This webinar covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Key Discussion Points
- Understanding current cloud threats landscape
- Reviewing cloud attack vectors
- Recent examples of cloud security incidents
- Prioritize cloud security efforts
About Speaker
Moshe Ferber (Cloud Security Expert, Frequent Speaker at Defcon, Blackhat, RSAC APJ). Moshe served as high ranking manager in large corporations, founder of innovative startups, frequent lecturer at cyber conferences and major contributor to various cloud education programs and certifications.
(Webinar) Recorded
Discussion Highlights
1. CSA relevant publications
2. IaaS/PaaS
- SaaS - Evaluate our providers correctly
- PaaS - Very hard to provide best practices
- IaaS - Gain the expertise for building secure applications
3. Exploitable workloads
- Atlassian Confluence servers hacked via Zero-Day Vulnerability
- Hildegard new team TNT Cryptojacking Malware targeting Kubernetes
4. Workloads with excessive permissions
- A hacker gained access to 100 million capital one credit card applications and accounts
- The attack on ONUS - areal life case of the Log4shell vulnerability
5. Unsecured keys, credentials, and application secrets
- Samsung spilled smart things app source code and secret keys
- CIrcle CI says hackers stole encryption keys and customers secrets
6. Exploitable authentication or authorization
7. Unauthorized access to object storage
8. Third party cross environment/account access leading to privilege escalation
(PPT) Presentation From The Discussion
Comments