This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
View analytic
Thursday, September 24 • 11:30am - 12:25pm
Hack the Cloud Hack the Company: the Cloud Impact on Enterprise Security

Sign up or log in to save this to your schedule and see who's attending!

iSEC Partners routinely carry out Attacker Modeled Penetration Tests that use any and all means possible to gain entry to a company. The goal is to test organizations against true-to-life attack and penetration activities that real attackers use in the breaches that make headline News (and the breaches that don't).

Organizations that use Cloud Services to provision an operating environment to support a product, or use Cloud Service Providers to outsource elements of traditional enterprise IT into the Cloud, can find those very aspects used against them in an attack. While the potential attack surface for a breach changes, in many ways the use of Cloud infrastructure can make it easier for an attacker to gain access to critical systems and data. In this session the speaker will describe methods of penetration used during recent tests, illustrating how Cloud Services are viable entry points that lead to significant compromises. The following areas will be discussed:

- Common mistakes in deploying Internet-facing Cloud infrastructure
- Replication and communication paths between Cloud and on-premises infrastructure
- Effective ways for attackers to gain access to the Cloud Service administration console
- How the use of Cloud Services is weakening enterprise IT security
- Methods for securing Cloud Services, closing vulnerabilities and protecting the company

This session is a must-see for enterprise security professionals, software developers, system administrators and penetration testers.

avatar for Kevin Dunn

Kevin Dunn

Technical VP, NCC Group
Kevin Dunn is Technical Vice President for NCC Group in Austin, TX. Kevin has been a professional security consultant for over 14 years, working on diverse projects and challenging technologies for the world’s largest and most demanding companies. He has delivered technical training and spoken at security conferences all over the USA and Europe across the majority of his career. His current responsibilities include active delivery of security... Read More →

Thursday September 24, 2015 11:30am - 12:25pm
Room C