ATTACKING MODERN SAAS COMPANIES presented at Nolacon 2017

by Sean Cassidy,

Summary : Modern software-as-a-service (SaaS) companies have a large footprint and a lot of automation which enables them to build their service quickly. However, because many devops and cloud tools and processes are new, many companies don’t understand the risks and don’t plan with security in mind. Even some practiced network pentesters don’t always know the best way to find vulnerabilities in these complex cloud-based systems. This talk is an introduction to pentesting these companies and is focused on giving attendees a breadth of knowledge on the new tech – like microservices, serverless computing, configuration management, and containers – that modern...