OWASP DevSlop Show: Catching Secrets in the Cloud with Pawel Rzepa!
On this show, our guest is Pawel Rzepa. Pawel is a Senior Security Analyst at SecuRing in Kraków, Poland. He regularly performs penetration testing engagements and does consultancy in cloud security. He is an OWASP member and organizer in his community and a top contributor to the OWASP Mobile Security Testing Guide (MSTG). You can find his blog posts on Medium, where he generously shares his knowledge with his readers.

On this show, Pawel discusses the problem of publicly accessible storage containers and the secrets they can hold. To start off, he shares two of the best-known studies of this issue, one by Skyhigh and the other by Rapid7. During his own research, he found lots of files with sensitive data. After spending many hours reviewing his findings, he quickly realized that he wasn't going to be able to manually search for secrets in the terabytes of files he found.

Pawel shows us methods and tools for detecting a leak:
- OWASP Amass
- Bucket Stream
- Bucket Scanner
- Wayback Machine (enum_wayback)
- AWS Mechanical Turk service
- AWS Macie
- DumpsterDiver

Links
List of significant leaks: https://github.com/petermbenjamin/YAS3BL
A browser of public buckets: https://buckets.grayhatwarfare.com/
Twitter: / rzepsky
Medium: / krkanalytica-challenge-demystified / exploring-25k-aws-s3-buckets / hunting-for-secrets-with-the-dumpsterdiver
KrkAnalytica challenge (CTF): https://www.securing.biz/en/krkanalyt...