Talk #1: “(Un) safe cloud — examples of vulnerabilities” by Kacper Szurek
When we use the cloud, our data is physically safe. After all, it’s hard to imagine that someone can break into Amazon’s servers. But we forget that the cloud is also the configuration and the applications running there, and both have to be done properly.
During this presentation, you’ll see common mistakes made by programmers and administrators. We will start with the obvious settings of S3 buckets, the content of which is available to everyone on the Internet.
Next, we’ll take a look at the permissions that allow a privilege escalation attack. Finally, we’ll talk about incorrectly implemented code run in Lambda.
Bio: Kacper Szurek works at ESET, where he analyses and detects malicious software. After hours, he works on promoting knowledge about security.
He runs his own YouTube channel, where he talks about complicated security subjects in a simple and easily understood way. Every week you can listen to him on his podcast, “Szurkogadanie”, where he comments on the most interesting information from the world of cyber security.
In his free time, he searches for vulnerabilities and describes them on his technical blog, security.szurek.pl.
Sponsors: Cloud Native meetup is an initiative of two companies: VirtusLab, the founding sponsor of Kraków Cloud Native Group, and Bitnami, which has supported the organization of the event from the very beginning.
ForkLog is helping us out this time by providing the venue for the meetup.