A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


 Attacking Modern SaaS Companies - Sean Cassidy NolaCon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Attacking Modern SaaS Companies
Sean Cassidy
@sean_a_cassidy

Modern software-as-a-service (SaaS) companies have a large footprint and a lot of automation which enables them to build their service quickly. However, because many devops and cloud tools and processes are new, many companies don't understand the risks and don't plan with security in mind. Even some practiced network pentesters don't always know the best way to find vulnerabilities in these complex cloud-based systems. This talk is an introduction to pentesting these companies and is focused on giving attendees a breadth of knowledge on the new tech ? like microservices, serverless computing, configuration management, and containers ? that modern SaaS companies are using. You'll learn how to attack them and pivot towards high value targets or how to defend yourself against these attacks and how to monitor for breaches. A new remote access tool for AWS will be released to control AWS accounts with a minimum chance of observation.

Sean is the CTO of DefenseStorm, a next gen SIEM for cloud and on-premise networks. When he's not knee-deep thinking of cool stuff to add to his product, he likes to do security talks at conferences like this one. Last year, he debuted the LostPass phishing attack against LastPass and discussed common crypto vulnerabilities in single sign-on implementations.

Recorded at NolaCon 2017

Back to NolaCon 2017 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast