The Cloud Attack Surface – Laughing at the OSI Model

Kat Traxler

Kat Traxler

Speaker Bio

Kat Traxler is currently working as a Security Researcher and Penetration Tester with a focus on Cloud Native Technologies. She has crossed the Rubicon in her career from sheer terror to comfortably numb.

Presentation

Security Professionals are comfortable reasoning about the security posture of systems within the framework of the OSI model. We classify attacks as network based or application based each with their own set of understood preconditions or rules.
Enter ‘The Cloud’ or as I like to think about it “Other Peoples Datacenters”. The Cloud Platforms and their associated APIs are harnessed by a new bread of operations teams to define network or application systems in code. It’s on the Cloud API Platforms that a new attack surface has opened and it plays by none of the old rules.