During this research, I've come to the conclusion that the state of Cloud security doesn't look very promising.
Even though these checks were "basic" ones, I've found many leaked API keys, API documentation, Service secrets, Unauthenticated CI/CD dashboards, Unauthenticated Admin Panels, Debug logs, ENV variables, and much more.
Creating this presentation has proven to be quite challenging. Delving into specific security exposures often made me go down the rabbit hole of investigation, diverting attention from creating the presentation slides.
Come join me in Bucharest at the DefCamp Conference for a talk named "Cloudy with a Chance of Exposures: Dissecting Web Server Risks Across Top Cloud Providers".
See you there! 👋
While the cloud offers a multitude of opportunities and possibilities, it also brings forth a darker side...
🎙 Nenad Zaric, Co-founder & CEO Trickest | Offensive Security Orchestration, is joining the #DefCamp 2023 speaker line-up to share his findings from an exhaustive scan of web servers within AWS, GCP, Azure, and DigitalOcean IP ranges.
Join him at the conference, come #MeetOurSpeakers & learn from the best: https://def.camp/tickets/
Read more about DefCamp's infosec rock stars, here: https://def.camp/speakers/
Kudos to you