Bringing a Machete to the Amazon

Presented at Black Hat Europe 2014, Oct. 17, 2014, 2:15 p.m. (60 minutes).

Amazon Web Services (AWS) is billed as an amazingly secure and resilient cloud services provider, but what is the reality once you look past that pristine environment and the manicured forests give way to dark jungle as you start to migrate existing applications to the AWS Cloud or design new ones for AWS exclusively?

In this talk, we will explore Amazon Web Services and the advent of "full stack" vulnerabilities and how they create new security pitfalls when migrating to and operating in an AWS world. From the unexpected to the unintended, many examples will be shared along side new techniques showing how you have likely already exposed your applications and infrastructure to attack through misunderstanding, ignorance, or bad actors.

To address these challenges, this presentation will also reveal and demonstrate a free tool we have designed to assess AWS applications, map out the interactions between infrastructure and code, and help individuals and organizations get clarity and bring a machete to the Amazon Cloud.


Presenters:

  • Erik Peterson - Veracode
    Erik Peterson is the Director of Technology Strategy for Veracode with 17 years of security industry experience, including senior leadership and technology roles for HP, SPI Dynamics, GuardedNet, and Sanctum. Erik has also held InfoSec roles at Moody's and SunTrust Bank and IT roles for the US Embassy in Vienna, Austria and the United Nations International Atomic Energy Agency. Erik has spoken at numerous events including OWASP, ISSA, ISACA, InfraGard and B-Sides and is a contributing member of the Cloud Security Alliance.

Links:

Similar Presentations: