How often do you define permissions for new cloud-native applications? How often do you use the pre-defined vendor suggestion for them or use wildcards? IAM (Identity and Access Management) is an important factor in determining how secured your product will be. Doing it right requires an understanding of how it works and why it is important (sometimes even AWS gets it wrong), which is the purpose of this session. We will talk about what is IAM, how to use it, the risks of an overly permissive configuration, and a demo of IAM misconfiguration exploitation.
CTO and Co-founder @ Solvo
David has over 15 years of experience in delivering enterprise software and leading development teams, with a heavy focus on cloud security and infrastructure in the past 7 years. Prior to co-founding Solvo in 2020, David was one of the first R&D employees at Dome9 Security (acq. by CheckPoint in 2018), leading the development of key features and helping users uphold compliance in the cloud. David is a graduate of "MAMRAM", the elite military programming training.