Meetup #5: Security in the AWS Cloud & Macaroons (decentralized authorization)

February 21, 2019 (Thursday) @ ForkLog Crypto Cowork

Pawel Dolega
Krakow Cloud Native Group
Feb 4, 2019

Talk #1: “(Un) safe cloud — examples of vulnerabilities” by Kacper Szurek

Abstract

When we use the cloud, our data is physically safe — after all, it’s hard to imagine that someone can break into Amazon’s servers. But we forget that the cloud is also about proper configuration and the applications running there.

During this presentation, you’ll see common mistakes made by programmers and administrators. We will start with the obvious settings of S3 buckets, the content of which is available to everyone on the Internet.
Next, we’ll take a look at the permissions that allow us to perform a privilege escalation attack. Finally, we’ll talk about incorrectly implemented code run in Lambda.

Bio

Kacper Szurek works at ESET, where he analyses and detects malicious software. After hours he works on promoting knowledge about security.
He runs his own YouTube channel where he talks about complicated security subjects in a simple and easily understood way.
Every week you can listen to him in his podcast named “Szurkogadanie” where he comments on the most interesting information from the world of cyber security.
In his free time he searches for vulnerabilities and describes them on his technical blog, security.szurek.pl.

Talk #2: “Macaroons — decentralized authorization in the cloud” by Wojciech Kocjan

Abstract

Macaroons are cookies with contextual caveats for decentralized authorization in the cloud, or in any distributed system.

In this presentation you’ll find out what macaroons are and how they can be used when building systems that use microservices and/or are decentralized.

We’ll also dive into how macaroons can be used to perform authentication and authorization between services.

Bio

Wojciech Kocjan is an engineer with 10 years of experience with clouds and distributed systems. Currently an architect at Bitnami, a company delivering open source apps for all major clouds.

Sponsors

VirtusLab is the founding sponsor of Kraków Cloud Native Group.

ForkLog is helping us out this time by providing the venue for the meetup.

Pawel Dolega
Krakow Cloud Native Group

Entrepreneur / Engineer. CTO @ VirtusLab. Exploring joys & sorrows of technologies. Comprehensivist.