Triad NC ISSA Monthly Meeting - 2018-11 @ Forsyth Tech

Event Information

Date and Time

Location

Forsyth Technical Community College

2100 Silas Creek Parkway

Dewitt E. Rhoades Conference Center in the Robert L. Strickland Center

Winston-Salem, NC 27103

Refund Policy

Refunds up to 1 day before event

Event description

Note: This meeting is on the THIRD Thursday due to the Thanksgiving holiday.

Agenda:

1. Meet, greet, network, and dinner (will be provided) (6:00 pm - 6:45 pm)

2. Chapter business (6:45 pm - 7:00 pm)

3. Presentation (7:00 pm - 8:00 pm): A Bucket of Fail

Abstract:

Cloud platforms are a massive win for organizations of all sizes. Cloud computing means anyone in an organization can stand up a publicly facing computing environment with nothing more than a credit card. Unfortunately, the incredible speed can come at a cost for information security. Nowhere is this more evident than with cloud storage. Amazon's Simple Storage Solutions (S3) is by far the most popular cloud storage platform. Although secure by default, it is easy to accidentally expose sensitive information with weak permissions. Even experienced system administrators might make configuration mistakes and accidentally expose internal components. Common penetration testing methods for checking S3 bucket permissions are woefully inadequate for the volume of objects stored in S3. This presentation covers common misconfigurations with S3 and methods to verify strong S3 permissions including a script to automate permission checks. This script has successfully checked S3 object permissions on more than 10 million files in a few hours – finding the 6 misconfigured files and avoiding a breach.

Presenter's Biography:

Stephen Deck is a senior application security consultant for DirectDefense where he performs security testing on web, mobile, and client-side applications. Stephen previously worked as a security engineer, incident responder, software developer, and an infantry officer. Stephen's current work focuses on identifying software vulnerabilities, writing exploits, improving application testing methodologies, and better integrating software security in the software development lifecycle.
