Threat Modeling Cloud Applications - What you Don't Know Will Hurt You
Agenda: Cloud Terminology and Background, Threat Modeling Basics
NIST Cloud Definition Framework
What is a Threat Model: A model of a software system that depicts
Threat Modeling - High-level process: 1 Diagram the System Structure 2 Identify Assets and Security Controls
Using S3 Storage Use Case
Classic Architecture: Primary with DR Site
Cloud Architecture: Augment DR with AWS
Threat Modeling - High-level process: 1 Diagram the System Structure 2 Identify Assets and Security Controls
What Does Cloud Do to Our Threat Model?
To the Cloud - New Application Structure
Identify the Assets and Security Controls
AWS Security Control Differences
EC2 Security Groups: An EC2 Security Group is a set of ACCEPT firewall
Integration with Enterprise Authentication: Stand alone application mechanism means that the user store must be provisioned
Elasticity Drives Change
Most Common AWS Security Credentials Purpose
S3 ACLs and Bucket Policies
Using S3 Drives Design Changes
Cloud "Doomsday" Scenarios to consider Reprioritized or Changed by Cloud
Additional Attackers
Enumeration and Risk Management
Conclusion
Description:
Explore threat modeling for cloud applications in this 45-minute LASCON conference talk. Learn essential cloud terminology, threat modeling basics, and the NIST Cloud Definition Framework. Discover how to create effective threat models for cloud systems, including diagramming system structure and identifying assets and security controls. Examine the impact of cloud architecture on traditional threat models, focusing on AWS services like EC2 and S3. Investigate security considerations such as EC2 Security Groups, enterprise authentication integration, and S3 ACLs and Bucket Policies. Address cloud-specific "doomsday" scenarios, reprioritized threats, and additional attacker profiles. Gain insights into enumeration and risk management techniques for cloud environments, equipping yourself with the knowledge to protect cloud applications from potential threats.
Threat Modeling Cloud Apps - What You Don't Know Will Hurt You