What are the biggest AWS Security Vulnerabilities? | Security Engineer Interview Questions

16,887 views

AppSecEngineer


1 day ago

As the biggest provider of cloud services in the world by far, Amazon Web Services (#AWS) is a juggernaut powering the massive and complex applications deployed by entertainment giants, governments, and social networks. Given the sheer volume of user data they handle on a daily basis, it's only logical to assume they're the target of numerous security attacks and threats.
In this episode of Security Engineer Interview Questions, Abhay Bhargav answers the question: "What are the biggest AWS security vulnerabilities?"
Despite AWS having very robust security across its own services, most of the security issues that plague AWS-hosted apps stem from the customer's side of the shared-responsibility line, i.e., the people deploying their apps on AWS. Security misconfigurations, access control and privilege issues, and similar mistakes make up the majority of security vulnerabilities found on AWS.
Here are some of the most common AWS vulnerabilities out there:
Misconfigured Access Control - #S3 Buckets
Subdomain Takeovers - S3/#CloudFront (dangling DNS records pointing at a deleted bucket or distribution)
Vulnerabilities in applications deployed on compute infrastructure
Host and Network hardening flaws
Privilege escalation of credentials from compute services
Watch the video to see a full breakdown of all of these, and ace that job interview!
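An added example for the first item on the list, misconfigured S3 access control. This is not code from the video or from AppSecEngineer: it is an offline audit of the three places a bucket becomes public (the bucket policy, legacy ACL grants, and the PublicAccessBlock settings). The policy document, ACL grants and PublicAccessBlock configuration below are constructed samples shaped like the responses of `GetBucketPolicy`, `GetBucketAcl` and `GetPublicAccessBlock`; the helper names are this example's own.

```python
"""Offline audit for public S3 exposure: bucket policy, ACL grants and
PublicAccessBlock. Added example, not the video's code; all inputs are
constructed samples."""
import json

# Actions that expose data when granted to an anonymous principal.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}
WRITE_ACTIONS = {"s3:putobject", "s3:deleteobject", "s3:putbucketpolicy",
                 "s3:putbucketacl", "s3:*", "*"}
# ACL grantee URIs meaning "everyone" / "anyone with an AWS account".
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_public(principal):
    """True if the statement's Principal is the wildcard (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def audit_bucket_policy(policy_json):
    """Findings for Allow statements granting public read or write.
    A Condition narrows the grant (e.g. to a VPC endpoint), so conditioned
    statements are reported for manual review, not as outright public."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or not principal_is_public(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Condition"):
            findings.append(f"{sid}: public principal, narrowed by Condition; review")
        elif actions & WRITE_ACTIONS:
            findings.append(f"{sid}: PUBLIC WRITE via {sorted(actions)}")
        elif actions & READ_ACTIONS:
            findings.append(f"{sid}: PUBLIC READ via {sorted(actions)}")
    return findings


def audit_acl_grants(grants):
    """Findings for ACL grants to AllUsers / AuthenticatedUsers.
    `grants` mirrors the Grants list returned by GetBucketAcl."""
    findings = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEES:
            who = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant.get('Permission')} to {who}")
    return findings


def public_access_block_gaps(config):
    """PublicAccessBlock settings that are not enabled. With all four True,
    public ACLs and policies are rejected regardless of the findings above."""
    required = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")
    return [k for k in required if not config.get(k, False)]


# Constructed sample: a "static website" policy that also lets anyone upload,
# a legacy public ACL grant, and PublicAccessBlock left fully off.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "Uploads", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/uploads/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
})
SAMPLE_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]
SAMPLE_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    for line in audit_bucket_policy(SAMPLE_POLICY) + audit_acl_grants(SAMPLE_GRANTS):
        print(line)
    print("PublicAccessBlock not enforced:", public_access_block_gaps(SAMPLE_PAB))
```

Deny statements with `Principal: "*"` (for example the common `aws:SecureTransport` deny) are skipped on purpose; only Allow grants widen access. In a real account the same three checks are what the S3 console's "Public" badge and Access Analyzer compute, so the quickest fix is usually enabling all four PublicAccessBlock settings at the account level and then carving out deliberate exceptions.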
Content of this video
0:00 - Intro
01:08 - What is the biggest AWS security vulnerability?
02:56 - S3 bucket vulnerabilities
03:40 - Subdomain takeovers
04:44 - Privilege escalation vulnerabilities
05:20 - Server-side request forgery (SSRF) demo
14:18 - Accessing S3
17:21 - Like and subscribe
---------
AppSecEngineer is a training platform that delivers hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security.
#AppSecEngineer is ideal for jobseekers, knowledge seekers and companies that want to equip their workforce to handle real-world security issues with newly minted, well-trained AppSec Engineers.
Learn more about AWS Security at appsecengineer.com/aws-cloud-...
Twitter: / appsecengineer
LinkedIn: / appsecengineer
#AWSsecurity #AWSvulnerabilities

Comments: 20
@hariprasad0511 3 years ago
It is a good explanation. Thanks for doing this
@AppSecEngineer 3 years ago
Glad it was helpful!
@realnetworkadetunji3459 2 years ago
Good job, thanks a lot
@AppSecEngineer 2 years ago
Glad it helped! 🙂
@MK-rn2hm 3 years ago
Thank you. My issue is I have to assess AWS itself from a data security perspective and this is a big help. Any more content you have put out related to this ask?
@AppSecEngineer 3 years ago
Glad it was helpful! Any specific queries you have?
@MK-rn2hm 3 years ago
@AppSecEngineer Are there any other unpublicized vulnerabilities in AWS?
@AppSecEngineer 3 years ago
Unlikely that there are unpublicised vulnerabilities in AWS itself, but the misconfigurations of services used by developers can typically result in vulnerabilities in your implementation on AWS.
@misplacedidentity1036 2 years ago
Thank You for the video, please zoom out a little. It's distracting to see your head moving a lot. I cannot look away from the screen because if you're showing some configuration on the screen I would miss it.
@AppSecEngineer 2 years ago
Noted! Thanks for the feedback!!
@mathewaju 3 years ago
So is disabling the metadata service the solution?
@AppSecEngineer 3 years ago
Not necessarily. Disabling metadata is not an option if you need your EC2 server to connect with internal AWS services like DynamoDB or S3. It's recommended that you use the IMDSv2 service with the new AWS SDK to ensure that you're much more protected against SSRF flaws being able to access the metadata over a simple GET request.
@rakeshgoudo7180 3 years ago
How can we protect against SSRF attacks in AWS?
@AppSecEngineer 3 years ago
You'll see that we've explained this in the video. Aside from securing the application against SSRF, the important thing is to leverage the IMDSv2 service for metadata so you have an additional layer of authentication to access the metadata service.
@kingofhavila9850 2 years ago
@AppSecEngineer Thank you
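An added example, not code from the video or from the AppSecEngineer lab, covering the description's "Privilege escalation of credentials from compute services" / SSRF demo and the two comment threads above about IMDSv2. It models the EC2 instance metadata endpoint in-process instead of calling 169.254.169.254, so it runs offline; `MetadataService`, `ssrf_fetch`, `sdk_get_credentials` and the fake credential JSON are this example's own constructs. The IMDSv2 behaviour it enforces is documented AWS behaviour: a session token is obtained with `PUT /latest/api/token` carrying `X-aws-ec2-metadata-token-ttl-seconds` (1 to 21600), later GETs must carry `X-aws-ec2-metadata-token`, and requests with an `X-Forwarded-For` header are refused.

```python
"""Why IMDSv2 blunts SSRF against the EC2 metadata service.
Added example (not the video's lab code); the metadata endpoint and the
credential payload below are simulated, not real AWS responses."""
import secrets
import time

CRED_PATH = "/latest/meta-data/iam/security-credentials/"
ROLE = "app-instance-role"
FAKE_CREDS = ('{"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "constructed", '
              '"Token": "constructed"}')


class MetadataService:
    """Minimal stand-in for the instance metadata endpoint.
    tokens_required=False behaves like IMDSv1 (tokens optional);
    tokens_required=True is the HttpTokens=required instance setting."""

    def __init__(self, tokens_required):
        self.tokens_required = tokens_required
        self._tokens = {}  # token -> expiry (monotonic seconds)

    def request(self, method, path, headers=None):
        headers = {k.lower(): v for k, v in (headers or {}).items()}
        # IMDS refuses anything that looks proxied, so an open proxy on the
        # instance cannot be used to relay token requests.
        if "x-forwarded-for" in headers:
            return 403, ""
        if method == "PUT" and path == "/latest/api/token":
            ttl = headers.get("x-aws-ec2-metadata-token-ttl-seconds")
            if ttl is None or not ttl.isdigit() or not 1 <= int(ttl) <= 21600:
                return 400, ""
            token = secrets.token_urlsafe(32)
            self._tokens[token] = time.monotonic() + int(ttl)
            return 200, token
        if method != "GET":
            return 405, ""
        token = headers.get("x-aws-ec2-metadata-token")
        valid = token in self._tokens and self._tokens[token] > time.monotonic()
        if self.tokens_required and not valid:
            return 401, ""
        if path == CRED_PATH:
            return 200, ROLE
        if path == CRED_PATH + ROLE:
            return 200, FAKE_CREDS
        return 404, ""


def ssrf_fetch(service, url):
    """What a classic SSRF gives an attacker: one server-side GET of a URL
    they chose, with no control over the HTTP method or headers."""
    prefix = "http://169.254.169.254"
    if not url.startswith(prefix):
        raise ValueError("only the metadata host is modelled here")
    return service.request("GET", url[len(prefix):])


def sdk_get_credentials(service):
    """How an IMDSv2-aware SDK fetches role credentials: PUT for a session
    token, then GETs that carry it in X-aws-ec2-metadata-token."""
    status, token = service.request(
        "PUT", "/latest/api/token", {"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    assert status == 200, "token request failed"
    hdr = {"X-aws-ec2-metadata-token": token}
    _, role = service.request("GET", CRED_PATH, hdr)
    return service.request("GET", CRED_PATH + role, hdr)


def demo():
    """Run the same two-step SSRF (list roles, then read the role's keys)
    against IMDSv1 and IMDSv2-required, alongside a legitimate SDK fetch."""
    results = {}
    for label, required in (("IMDSv1", False), ("IMDSv2 required", True)):
        svc = MetadataService(tokens_required=required)
        status, body = ssrf_fetch(svc, "http://169.254.169.254" + CRED_PATH)
        if status == 200:
            status, body = ssrf_fetch(svc, "http://169.254.169.254" + CRED_PATH + body)
        results[label] = {"attacker": (status, body), "sdk": sdk_get_credentials(svc)}
    return results


if __name__ == "__main__":
    for label, r in demo().items():
        print(f"{label}: attacker -> HTTP {r['attacker'][0]}, SDK -> HTTP {r['sdk'][0]}")
```

Against IMDSv1 the plain GET returns the role name and then the temporary keys, which is the credential-theft step the video's demo walks through; with tokens required the same GET gets 401 while the SDK, which can issue the PUT, still works. Enforcing this on a real instance is `aws ec2 modify-instance-metadata-options --instance-id <instance-id> --http-tokens required --http-put-response-hop-limit 1`; the hop limit of 1 keeps the PUT response from being forwarded out of containers or proxies on the host. IMDSv2 is a mitigation, not a substitute for fixing the SSRF: an attacker who can control the method and headers of the server-side request (rarer, but possible with some header-injection or protocol-smuggling primitives) can still complete the token handshake.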
@yetbomb9630 3 years ago
What browser or web application is that?
@AppSecEngineer 3 years ago
The vulnerable application we're using is one that we've built as a lab for AppSecEngineer. The IDE interface is the way we deliver all hands-on labs in AppSecEngineer. Check it out: appsecengineer.com
@kingofhavila9850 2 years ago
@AppSecEngineer You forced visitors to accept cookies on your website 😒
@AppSecEngineer 2 years ago
@kingofhavila9850 Necessary sometimes; you can always clear them though. Any specific reason you don't want to accept them?
@beulahbillions5655 2 years ago
So much noise. Time wasting.