Episode 3: Cloud Configuration Pitfalls

Episode 3 June 24, 2019 00:51:19
Episode
SilverLining IL
Episode 3: Cloud Configuration Pitfalls
/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Attendees

Guest: Evgeny Zislis

Guest title:  CTO

Company:  ProdOPS

Abstract

Over 90% of IaaS/PaaS security incidents happens on consumer fault. Cloud platforms are complicated, with steep learning curve and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO for ProdOPS about the common IaaS/PaaS security mistakes and misconfigurations, categorize them and talk about measures to reduce those mistakes and identify them on time. 

Timing:

0:00 – 2:10 - intro and introducing our guest

2:10 -   31:05 - What are the common cloud misconfiguration and mistakes 

31:05 -  34:20  Avoiding cloud misconfigurations:  the process angle

34:20 -  38:33 Avoiding cloud misconfigurations:  the people angle

38:33 -  49:00 Avoiding cloud misconfigurations:  the technology angle   

49.00 – 52:00 Summary and conclusions

Episode Transcript

No transcript available...

Other Episodes

Episode 17

August 02, 2020 00:37:03

Episode 17: How to do penetration testing in cloud application

Attendees Guest: Oz Avenstein Guest Title:  Founder Company:  Avensec Abstract Penetration tests are one of the strongest controls that we use. It is testing the overall resilience of our application and allows us to be more confident in our workloads. But in the cloud era, cloud applications pen testing needs to be coordinated with the providers. In this episode we talk with Oz Avenstein, an application security expert, about the challenges of cloud penetration testing and how to do it correctly. Timing: 0.50 introducing our guest 3.40 How is cloud penetration tests different from regular pen tests? 5.01 elaborating about IaaS/PaaS particular pen test policies  8.45 pen testing SaaS applications  11.05 relaying on 3rd party pen testing 12.02 cloud pen test considerations and phases 17.35 the actual pen testing  21.20 the reporting phase 23.40 incorporating pen test into applications development cycle  34:00 Summary and last words   ...

Listen

Episode 50

May 11, 2022 00:24:30

SilverLining Episode 50: Building security workflow at scale

Guest: Ravid Circus Guest title: Co-Founder, Seemplicity Language: English   Abstract As organizations develop more software, and in faster cycles, greater responsibility is laid on security teams who have a full-stack responsibility for infrastructure, applications, IT services and many other aspects in the business. In this episode we spoke with Ravid Circus co-founder and CPO at Seemplicity to understand how security teams can efficiently scale their risk reduction efforts and interact with their counterparts productively by using digital workflows  for security operations. ...

Listen

Episode 43

December 08, 2021 00:25:04

SilverLining Episode 43: Gaining cloud security knowledge & certification

Guest: David W. Schropfer Guest Title: Host of DIY Cyber Guy Podcast Abstract:  Many IT & security professionals are asking what Is the best way to enter the world of cloud computing. In this episode we had the privilege of cooperating with David W. Schropfer from the successful podcast DIY cyber guy to discuss the career paths that are relevant for beginners or experienced professionals who wish to explore how cloud computing can promote their career. ...

Listen