Check out their lateral moves! The importance of blast radius in DevSecOps
I enjoy hacker films as much as the next bloke. Who doesn’t love a flashy NSA login page and some exciting terminal colour schemes!? The one thing they always forget, however, is that successful attacks are more like chess, wherein lots of moves (bugs, CVEs, and misconfigurations) are orchestrated together for a checkmate! In this session, we’ll use examples from our own research, highlighting potential attacker kill chains that combine minor IaC misconfigurations with known CVEs in dangerous but preventable combinations. We will also look at these chains from a defender’s perspective, providing actionable takeaways your DevOps teams can start applying *today* to turn your security posture up to eleven.