Cloud storage systems like Microsoft's Windows Azure Storage and Amazon's Simple Storage Service allow web sites and services to cheaply store large amounts of data and make it available in a controlled manner. However, as with traditional methods of data storage and retrieval (such as SQL-based relational databases), application authors must take care to use cloud storage systems correctly to avoid unauthorized data access or tampering. This presentation will cover a variety of attacks on applications using cloud storage, such as enumeration and REST/SOAP injection, to show how the same effects as a SQL injection attack may be realized on an application using a cloud storage system, as well as how developers can protect themselves from these attacks.
Stanford University Grant Bugher leads the security advisory team for Online Services Security & Compliance at Microsoft, and is a member of Microsoft’s Security Development Lifecycle team. Grant works with Microsoft’s online services teams to help them write and deploy secure software, and to develop and refine the software standards used throughout Microsoft. Prior to leading this team, his experience included being Enterprise Security Architect for a Fortune 500 corporation, a Program Manager on Windows Firewall, and a software engineer on the .NET Framework and Visual Studio .NET. Grant holds the CISSP and CSSLP certifications, and also writes a security blog at perimetergrid.com.