AppSec California 2017

An increasing number of organizations are using AWS or are migrating to AWS. Security teams with traditional datacenter security knowledge are trying to catch-up and grasp the new attack surface, security concerns, and develop defensive techniques. Developers are often given the power to deploy infrastructure in ways that were previously restricted without the traditional insight and controls security would normally implement. At the same time, AWS customers are being exploited in ways that are easily preventable but highly damaging to the customer's organization; this fact is well documented.

Fortunately, AWS does provide the technology to harden, monitor, and even recover should an incident occur. Unfortunately, these defensive practices are not widely discussed or well-known amongst both security professionals as well as developers.

In this talk, we discuss harnessing existing AWS functionality to strengthen your organization's AWS infrastructure against practical attacks. Ken will show you what attackers are looking for, how they are finding you, and how to secure your environment. Additionally, attendees will be given code that assists those using AWS in better understanding how their environment's IAM policies are configured and automate tasks like S3 bucket policy review, volume encryption statuses, and security group configurations.

Finally, this talk will delve deep into practical alerting/monitoring and demonstrate implementing notifications that are descriptive and pinpoint active attacks.

AWS Technologies discussed:

- Config
- CloudWatch
- CloudTrail
- SNS
- SQS
- IAM
- *(Other) Security features of other services