AWS is a popular cloud platform of choice for many people and organisations around the world. It provides a quick and easy way to install and setup services in just a few clicks, but it also often leads to misconfigured services openly available for the attackers to take advantage of for their malicious activities.
In this video, Kavisha Seth covers common attack vectors that can be discovered on AWS cloud as well as the security controls available on the platform. Kavisha is a cloud security and machine learning enthusiast. She is a member of various security communities like null, InfoSec Girls, WiCys India, etc. and actively participates in security events as a speaker.
This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated for people interested in cloud security and conducts various activities like talks, workshops, CTFs, and discussions around cloud.
What to expect from this video
Following topics have been covered in this video:
- Possible attack vectors for AWS
- Reconnaissance to identify attack vectors
- Misconfigured AWS services
- Identifying misconfigurations
- AWS security controls
The ease and speed of spinning up services, managing infrastructure has increased the pace of cloud adoption. However, many times the services are left misconfigured, which become a low-hanging fruit for the attackers.
The prime objective of this video is to create awareness about different attack vectors on AWS and the security controls available.This talk is for all those who want to understand cloud security on AWS whether as part of the red team or the blue team. Various attack vectors such as leaked credentials, misconfigured services, insecure applications, etc. are discussed in this tech talk along with different reconnaissance techniques to identify the attack vectors as well as the security controls that can be utilised.
This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security. If you wish to give your feedback on this article, you can write to us here.