Securing Apps in the Open-By-Default Cloud

Black Hat USA 2019

Presented by: Winston Howes, Michael Wozniak
Date: Thursday August 08, 2019
Time: 15:50 - 16:40
Location: Lagoon GHI

Services created in cloud environments like GCP or AWS are open to the internet by default. This problem compounds in a workplace where developers are empowered to create new microservices faster than a security team can review them. Even if all of these services could be reviewed before launch, it is infeasible for security teams to track and review every security-impacting code change, which often leads to improper auth controls and exposed services.

We present a generalizable solution which automatically enforces auth controls for all services throughout their development lifecycle. Our solution is designed to require minimal operational overhead for the development and security teams and holds no opinions about the project's development process, allowing development teams to maintain their autonomy.

Winston Howes

Winston Howes is Technical Lead for Application Security at Snap Inc. An expert in web security, he has led the vision for Snap's web security efforts. Outside of Snap he has interests in voting security and is an accomplished magician.

Michael Wozniak

Michael Wozniak is Technical Lead for Infrastructure Security at Snap Inc. He has led the security efforts to expand into multiple cloud providers, including migrating to a service mesh architecture. He also has experience working on several open source cryptocurrency projects.

KhanFu - Mobile schedules for INFOSEC conferences.