S3top the madness: avoiding being the next AWS bucket leak statistic presented at shellcon 2017

by Jason Ritzke,

Summary : In early 2017 I gave a talk at Layer One where I stated that public cloud platform misconfiguration was going to be a big ticket breach item for the foreseeable future. I could not begin to foresee the degree to which the ridiculous rash of unsecured S3 bucket breaches would prove me painfully correct. Hopefully, with a little education, we can make it so we can all go a full week without another S3 leak.
Focusing entirely on S3 buckets, this talk will cover:
The sorry state of S3 bucket breaches
How S3 buckets can be (in)secured
How to audit S3 bucket security
How to detect S3 bucket (mis)usage