Sense of Security Pty Ltd (ABN 14 098 237 908)
Sydney: Level 8, 59 Goulburn Street, Sydney NSW 2000
Melbourne: Level 15, 401 Docklands Drive, Docklands VIC 3008
Tel. 1300 922 923 | Intl. +61 2 9290 4444 | www.senseofsecurity.com.au | @ITSecurityAU
Compliance, Protection & Business Confidence

26-Jul-18
AWS - DevOps Cyber Attack Kill Chain with Automated Security Response & Visibility
Murray Goldschmidt, Chief Operating Officer
Australian Cyber Innovation Executive Lunch
WAFs "could" mitigate this attack through whitelisting *
But only IF the rules are set to whitelist valid Content-Type values or to blacklist Object-Graph Navigation Language (OGNL) expressions in the request.
WAFs "could" mitigate this attack through custom rules **
BUT a custom rule is required to block requests that carry an invalid Content-Type header value for the specific URL that accepts multipart requests. Conditions:
request.path EQUAL "/struts2-showcase/index.action"
request.header "Content-Type" NOT.EQUAL "multipart/form-data"
Caveat: a legitimate multipart request carries a boundary parameter ("multipart/form-data; boundary=..."), so a strict equality test on the whole header value blocks genuine uploads as well as the OGNL payload; in practice the rule must match on the media type with parameters stripped, or on a prefix.
More advanced WAFs "could" mitigate this attack through zero-day protections ***
• Runtime application self-protection (RASP)
• Built into the application itself, so it sees the request as the application's own parser decodes it, rather than at the network edge
• Detects and prevents application attacks in real time
• "Self-protecting": reconfigures automatically, without human intervention, on conditions such as threats or faults
Successful processing of the source code through all of its AWS CodePipeline stages in the first region invokes a Lambda function as a custom action, which copies the source code into an S3 bucket in Region B. The arrival of the source code in that bucket then triggers a similar chain of AWS CodePipeline stages in Region B. See the following diagram.
Conclusions
• Cloud introduces some (new) challenges
• Common sense & reasonable security measures prevail!
• Active defence and self-healing are possible
• Continuous monitoring can be achieved through automation
• Common attacks can be defeated at low/no cost!
• Crawl, walk, run
• Start with the basics, improve configurable settings
• Strive towards more advanced DevOps deployments with
Some images used under license from Shutterstock.com or with permission from respective trademark owners. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher.