Exfiltrating Credentials in the Big 3 Clouds, excerpt from New SEC510: Public Cloud Security: AWS, Azure, and GCP class

  • Webcast Aired Thursday, 10 Jun 2021 9:00AM SST (10 Jun 2021 01:00 UTC)
  • Speaker: Brandon Evans

The Big 3 providers alone provide more services than any one company can consume. As security professionals, it can be tempting to limit what the developers use to the tried and true solutions of yesteryear. For better or worse, this approach will inevitably fail as the product development organisation sidelines a security organisation that is unwilling to change. Functionality drives adoption, not security, and if a team discovers a service offering that can help them get their product to market quicker than the competition, they can and should use it. SEC510 provides cloud security practitioners, analysts, and researchers an in-depth understanding of the inner workings of cloud Platform-as-a-Service (PaaS) offerings from Amazon Web Services, Microsoft Azure, and the Google Cloud Platform. This workshop will provide participants with some of the philosophies that undergird each provider and how these have influenced their services. By contrasting these offerings, we can, for example, avoid applying AWS concepts to Azure and GCP where they are not appropriate. The Instructor will also demonstrate a lab to reinforce the key concepts covered.