Learning from AWS (Customer) Security Breaches with Rami McCarthy
This show will discuss the public catalog of AWS Customer Security Incidents (https://github.com/ramimac/aws-customer-security-incidents), which covers over twenty different public breaches. We’ll walk through the technical details of these attacks, identify the common root causes, look at lessons learned, and show how you can proactively secure your environment against these real-world risks.
Rami McCarthy
Rami McCarthy is a Staff Security Engineer and reformed Security Consultant. He currently works at Cedar, scaling up security for a health-tech unicorn. He previously worked with NCC Group to assess and secure multiple Fortune 500 companies and most of the Big Five tech companies. Rami is the creator of sadcloud, a tool for Terraforming purposefully insecure AWS infrastructure, and a contributor to ScoutSuite, an open-source multi-cloud auditing tool. He holds a B.S. in Computer Science and Cybersecurity from Northeastern and an M.S. in Information Security Leadership from Brandeis.
▬▬▬▬▬▬ LINKS ✨ ▬▬▬▬▬▬
SLIDES:
https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents-2022
BLOG POSTS:
http://ramimac.me/cloudsec/security/aws-iam-tool-reference/
TOOL RECOMMENDATIONS:
https://github.com/iann0036/iamlive
https://github.com/salesforce/cloudsplaining