Episode 19: Understanding Cloud Attack Vectors

Episode 19 August 02, 2020 00:40:22
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Attendees

Guest: Or Kamara

Guest Title: Senior team lead

Company: Snyk

Abstract

Cloud computing can bring new and interesting attack vectors. In this episode, we talk with Or Kamara, Senior team lead at Snyk, about the Capital One hack and what can be learned from the event in order to better protect our networks. We analyze the attack step by step and add mitigating controls that can help prevent the next attack.

Timing:

0:35 Introducing our guest

4:10 Introducing the story: the Capital One hack

5:45 The phases of the Capital One hack

7:50 The first misconfiguration - servers exposed to the internet unintentionally

11:05 The SSRF vulnerability and understanding the metadata service

19:38 Using API keys for browsing S3 and how to mitigate it

26:00 Things that Capital One did right and additional insights

28:00 how should developers and IT 

30:50 Shifting from traditional security to a new cloud security mindset

36:00 Summary and final words
