Bringing a Machete to the Amazon: Securing AWS Applications
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the security challenges and vulnerabilities associated with migrating applications to Amazon Web Services (AWS) in this conference talk from AppSecUSA 2014. Delve into concrete examples and new techniques that reveal "full stack" vulnerabilities in AWS environments, from simple mistakes like exposing credentials to unexpected issues such as XXE injection and data leakage. Learn about a free assessment tool designed to map interactions between infrastructure and code, helping organizations navigate the complexities of AWS security. Gain insights into AWS as an operating system, its attack surface, and common pitfalls in cloud migration. Discover strategies for controlling API access, managing metadata, and leveraging advanced capabilities to enhance security in AWS deployments.
Syllabus
Intro
Welcome
Agenda
Cloud is an Operating System
Infrastructure is my code
Typical AWS application
AppSec perspective
The challenge
What does AWS offer
Problems with AWS
AWS as an operating system
AWS attack surface
Merchant insecurity
Strict change control
API
Vulnerabilities
Metadata
AWS Metadata
Examples
Controlling API Access
Private IP Addresses
Lack of Access Control
Tags
IP Address
Lack of Awareness
Cloud Atlas
Cloud Out
Cloud Trail Data
Advanced Cap Capabilities
Other Tools
Questions
Taught by
OWASP Foundation
Related Courses
Cybersecurity and Its Ten DomainsUniversity System of Georgia via Coursera Bases de données relationnelles : Comprendre pour maîtriser
Inria (French Institute for Research in Computer Science and Automation) via France Université Numerique Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera Web Application Development: Security
University of New Mexico via Coursera Computing, Storage and Security with Google Cloud Platform
Google via Coursera