Hosted By
Attendees
Guest: Or Kamara
Guest Title: Senior team lead
Company: Synk
Abstract
Cloud computing can bring interesting and new attack vectors. In this episode, we talk with Or Kamara, Senior team lead at Synk, about the Capital-one hacking and what can be learned from the event in order to better protect our networks. We will analyze the attack step by step and add mitigating controls that can help in preventing the next attack.
Timing:
0:35 Introducing our guest
4:10 introducing the story the capital one hack
5:45 The phases of the Capital One hack
7:50 The first misconfiguration - servers exposed to the internet unintentionally
11:05 the SSRF vulnerability and understanding meta-data service
19:38 Using API keys for browsing S3 and how to mitigate it
26:00 things that Capital One did right and additional insights
28:00 how should developers and IT
30:50 shifting from traditional security to new cloud security mindset
36:00 summary and final words
Attendees Guest: Yuval Reut, Guest title: CIO & CISO Company: Riskified Micro-services can bring enormous benefits into the organizations – giving flexibility and driving innovation. But Micro-services are also challenging from a security point of view. In this podcast, Yuval Reut, CIO & CISO for Riskified, will share his experience of moving an entire monolith application to a group of integrated micro services. Timing: 0:00 – 3:39 - intro and learning about Riskified 3:39 - 9:55 - CISO & CIO positions at SaaS startups 9:55 - 12:20 - moving from Monolith to Microservices – reasons for the move. 12:20 - 19:30 - technology challenges when moving to Micro services 19:30 - 25:00 - People challenges when moving to Micro services 25:00 – 29:35 - Process challenges when moving to Micro services 29.40 – 33:00 - Summary and conclusions ...
Guest: Yan Michalevsky Guest title: Co-Founder and CTO at Anjuna Language: English Abstract Confidential computing is one of the more interesting technologies that is developed today. The combination of using secure hardware features, advanced cryptography with tight virtualization integration enables us to protect data at untrusted environments and protect from very illusive threats such as government access and malicious insiders. In this episode we spoke with Yan Michalevsky, Co-Founder and CTO at Anjuna, regarding confidential computing and why we should pay attention to it. ...
Attendees Guest: Nir Valtman Guest title: Product security lead Company: Finastra Abstract Fintech companies drive cloud security forward by setting the highest bar of requirements on cloud providers. In this episode we talk with Nir Valtman, Product security leader at Finastra about the challenges of Fintech companies and dive into API Authentication and Authorization best practices and building eco-system that can support trust between banks and young fintech companies. Timing 0:00 Intro and introducing our guest 2:40 Introducing Finastra and the challenges of traditional banks with modern fintech. 4.50 Building API platforms for banks. Challenges, security considerations and solutions. 8:45 Creating trust between banks and fintech companies - validating applications end to end security from the fintech to the banks. 12.30 Authenticating & Authorizing API requests on banking platforms. Methods, challenges and common use cases 19:30 Detecting anomalies detection and analyzing API’s on top of cloud platforms 25:35 The challenges of application secret management with partners 28.25 Tips for fintech companies ...
