Mission critical apps are being deployed to Amazon's cloud and most information security experts have no clue on what needs to be analyzed to make sure deployment is secure.
As we'll learn in this webcast "classic" security testing is not enough, knowledge about Amazon's EC2 life-cycle, user-data, IAM roles, security groups and other Amazon cloud services are required when testing and exploiting application deployments.
The webcast will introduce Amazon Web Services' security basics from an attacker's perspective. We'll review the AWS-related actions an attacker can perform after gaining access to an EC2 instance, focusing on user-data scripts, IAM permissions and privilege escalation.
Andres Riancho is an application security expert who leads the community-driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS; and contributed with SAP research performed at his former employer. His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrs founded Bonsai in 2009 to further research automated Web Application Vulnerability detection and exploitation.
Jigar Shah is a Senior Product Manager at Palo Alto Networks. He manages the VM-Series products that provide next-generation firewall security for public clouds. Prior to that he was a product manager at Dell Wyse where he was responsible for cloud-based and on-premises management of thin clients for desktop virtualization.