This webinar covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.


Key Discussion Points

  • Understanding current cloud threats landscape
  • Reviewing cloud attack vectors
  • Recent examples of cloud security incidents
  • Prioritize cloud security efforts


About Speaker

Moshe Ferber (Cloud Security Expert, Frequent Speaker at Defcon, Blackhat, RSAC APJ). Moshe served as high ranking manager in large corporations, founder of innovative startups, frequent lecturer at cyber conferences and major contributor to various cloud education programs and certifications.


(Webinar) Recorded


Discussion Highlights

1. CSA relevant publications



2.  IaaS/PaaS

  • SaaS - Evaluate our providers correctly
  • PaaS - Very hard to provide best practices
  • IaaS - Gain the expertise for building secure applications


3. Exploitable workloads

  • Atlassian Confluence servers hacked via Zero-Day Vulnerability
  • Hildegard new team TNT Cryptojacking Malware targeting Kubernetes


4. Workloads with excessive permissions

  • A hacker gained access to 100 million capital one credit card applications and accounts
  • The attack on ONUS - areal life case of the Log4shell vulnerability


5. Unsecured keys, credentials, and application secrets

  • Samsung spilled smart things app source code and secret keys
  • CIrcle CI says hackers stole encryption keys and customers secrets


6. Exploitable authentication or authorization




7. Unauthorized access to object storage




8. Third party cross environment/account access leading to privilege escalation



(PPT) Presentation From The Discussion




E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

RSAC Meetup Banner

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)