AWS is extensively used by organizations, large and small. The breadth of service offerings within AWS is staggering. From Serverless to IaaS Services, AWS has comprehensive solutions that can power any organization.
However, security on AWS is often treated similar to Enterprise security. Organizations look to adopt similar templates of Perimeter Protection, Cryptography and so on, on their AWS environments, as they would, for collocated or private cloud environments. This is not a scalable or effective strategy.
Securing resources and applications on AWS requires a different perspective and a different set of practices. This talk provides an attack and defence perspective of AWS security. We will look at how attackers view resources on AWS, leverage vulnerabilities and elevate privileges therefrom and look at some common practices for defence, in terms of identifying and mitigating vulnerabilities in our AWS deployment.