Register now for SANS Cyber Defense Initiative 2016 and save $400.

Golden Gate 2013

San Francisco, CA | Mon, Dec 16 - Sat, Dec 21, 2013

Client Access is the Achilles' Heel of the Cloud...

  • Bryce Galbraith
  • Tuesday, December 17th, 7:15pm - 8:15pm

Representations of cloud infrastructures often reassure us of their robust security mechanisms by prominently displaying the familiar gold lock in the center of the cloud. While many cloud providers genuinely do strive to deliver confidentiality, integrity, and availability the vital question remains: "Is our data actually secure or not?"

The elephant in the room is that client access is the Achilles' heel of the cloud. This talk has been rejected by more than one cloud conference because they would usually rather not talk about these risks. The truth remains, our data is vulnerable virtually everywhere except the cloud (assuming it is actually secure there to begin with).

This talk will clearly illustrate the realities of cloud infrastructure risks for those people who desire to look beyond the cost-savings and operational benefits clouds can provide and truly protect their zeros and ones, wherever they end up.

Numerous demonstrations of hacker tools and techniques will show how attackers can access data even when the cloud infrastructure itself does not have any known vulnerabilities (e.g. sql-injection, XSS, session management flaws or other logic flaws) by simply bypassing most of the security controls we rely on when using cloud resources.

If you are serious about protecting your data, you will want to be keenly aware of these risks...

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Monday, December 16
Session Speaker Time Type
General Session - Welcome to SANS Johannes Ullrich Monday, December 16th, 8:15am - 8:45am Special Events
The Security Impact of IPv6 Johannes Ullrich Monday, December 16th, 7:15pm - 9:15pm Keynote
Tuesday, December 17
Session Speaker Time Type
Client Access is the Achilles' Heel of the Cloud... Bryce Galbraith Tuesday, December 17th, 7:15pm - 8:15pm SANS@Night
Wednesday, December 18
Session Speaker Time Type
SANS Technology Institute Open House Johannes Ullrich Wednesday, December 18th, 7:15pm - 7:45pm Special Events
GIAC Program Overview Johannes Ullrich Wednesday, December 18th, 7:45pm - 8:15pm Special Events
Friday, December 20
Session Speaker Time Type
Standards for Cyber Threat Intelligence Greg Farnham - Masterâs Degree Candidate Friday, December 20th, 7:15pm - 7:55pm Special Events