CODE BLUE 2024

[Flatt Security Inc.] Not Just Configuration Errors: A Comprehensive Look at Threats to Object Storage Services like S3

DAY 1

13:15-13:45

Many configuration errors in object storage services like Amazon S3 can be detected automatically by tools and are widely recognized vulnerabilities. However, there are also lesser-known vulnerabilities. Examples include EDoS attacks that cause service costs to skyrocket and metadata overwrites that open up XSS vulnerabilities. These types of vulnerabilities are difficult to identify without an understanding of the application's context, which makes them challenging to detect through automated means. Object storage vulnerabilities involving the billing system and metadata are not widely known at the moment. In this session, we will provide a comprehensive overview of the threats to object storage, with a focus on vulnerabilities that are difficult to detect automatically. Engineers from Flatt Security, who have extensive experience in the assessment of modern applications, will demonstrate these threats and their countermeasures with specific code examples.

Speakers:
Eiji Mori (森 瑛司), Cyber threat intelligence analyst
Norihide Saito (齋藤 徳秀), Cyber threat intelligence analyst

  • Location: Track 2 (HALL A)

  • Category: OpenTalks
