This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Los Angeles/2010 Meetings/February 24

From OWASP
Jump to: navigation, search

Topic: Cloud Computing Security: Raining on the Trendy New Parade


Slides can be found here on Google Docs.


Speaker: Alex Stamos

Alex Stamos is a founding partner of iSEC Partners, a strategic digital security organization. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught multiple classes in network and application security.

He is a leading researcher in the field of web application and web services security and has been a featured speaker at top industry conferences such as Black Hat, CanSecWest, DefCon, SyScan, Microsoft BlueHat and OWASP App Sec.

He holds a BS in Electrical Engineering and Computer Science from the University of California, Berkeley.


Abstract: Cloud Computing Security: Raining on the Trendy New Parade

Cloud computing is an unstoppable meme at the CIO level, and will dominate corporate IT planning for the next several years. Although they do offer the promise of cost savings for many organizations, the basic ideas behind abstracting out the corporate datacenter greatly complicates the tasks of securing and auditing these systems. While there has been excellent research into low-level hypervisor and virtualization bugs, there has been little public discussion of the “big picture” problems for cloud computing. These include virtualized network devices, browser same-origin issues, credential management and many interesting legal challenges.

Our goal with this talk will be to explore the different attack scenarios that exist in the cloud computing world and to provide a comparison between the security models of the leading cloud computing platforms. We will discuss how current attacks against applications and infrastructure are changed with cloud computing, as well as introduce the audience to new types of vulnerabilities that are unique to cloud computing. Attendees will learn how to analyze the threat posed to them by cloud computing platforms as either providers or consumers of software built on these new platforms. Our platforms for discussion include Salesforce.com, Google Apps, Microsoft Office Live, Google AppEngine, Microsoft Azure, Amazon EC2, and Sun.

Retrieved from "https://wiki.owasp.org/index.php?title=Los_Angeles/2010_Meetings/February_24&oldid=111458"