Time Table

Many configuration errors related to object storage services like Amazon S3 can be automatically detected by tools and are widely recognized vulnerabilities. However, there are also lesser-known vulnerabilities. EDoS attacks causing service costs to skyrocket and overwriting metadata opening up XSS vulnerabilities are a few examples. These types of vulnerabilities are difficult to identify without an understanding of the application’s context, making it challenging to detect through automated means. These object storage vulnerabilities involving the billing system and metadata are not widely known at the moment. In this session, we will provide a comprehensive overview of the threats to object storage, with a focus on vulnerabilities that are difficult to detect automatically. Engineers from Flatt Security, who have extensive experience in assessment of modern applications will demonstrate these threats and their countermeasures with specific code examples.