Talk #1: “(Un) safe cloud — examples of vulnerabilities” by Kacper Szurek When we use the cloud, our data is physically safe — after all, it’s hard to imagine that someone can break into Amazon’s servers. But we forget that what the cloud also is — is the proper configuration and applications running there. During this presentation, you’ll see common mistakes made by programmers and administrators. We will start with the obvious settings of S3 buckets, the content of which is available to everyone on the Internet. Next, we’ll take a look at the permissions that allow us to perform the privilege escalation attack. Finally, we’ll talk about incorrectly implemented code run in Lambda. Bio He runs his own YouTube channel where he talks about complicated security subjects in a simple and easily understood way. In a free time he searches for vulnerabilities and describes them on his technical blog security.szurek.pl --------------------------------------------------------------------------------- Talk #2: “Macaroons - decentralized authorization in the cloud” by Wojciech Kocjan Abstract This presentation introduces you'll find out what macaroons are and how they can be used when building systems that are using microservices and/or are decentralized. We'll also dive into how macaroons can be used to perform authentication and authorization between services. Bio --------------------------------------------------------------------------------- Sponsors: ForkLog is helping us out this time by providing venue for the meetup.
Kacper Szurek works in ESET where he analyses and detects malicious software. After hours he works on promoting the knowledge about security.
Every week you can listen to him in his podcast named “Szurkogadanie” where he comments on the most interesting information from the world of cyber security.
Macaroons are cookies with contextual caveats for decentralized authorization in the cloud, or any distributed systems.
Wojciech Kocjan is an engineer with 10 years of experience with clouds and distributed systems. Currently an architect at Bitnami, company delivering open source apps for all major clouds.
Cloud Native meetup is an initiative of two companies:
VirtusLab - the founding sponsor of Kraków Cloud Native Group.
Bitnami - which supports the organization of the event from the very beginning.
Thursday, February 21, 2019
5:00 PM – 7:00 PM UTC
