LASCON Recap - Infrastructure as Code
Recently, we had the privilege of participating in and sponsoring the Lonestar Application Security Conference (LASCON). Our CEO, Michael McCabe, and Ken Toler delivered a training session and a talk on exploiting Terraform for remote code execution; both drew a fantastic turnout. In between staffing our booth, we had the opportunity to attend some insightful talks.
During the event, one presentation that stood out was delivered by Sean Poris and focused on how to manage a bug bounty program. His knowledge and experience running one of the world's largest bounty programs were fascinating and insightful. Another highlight of the event was a panel by our friends at Absolute AppSec with a discussion on the state of application security. Their thought-provoking questions, particularly on AI, made a lasting impression.
LASCON offered a diverse range of talks that were both engaging and informative. While at our booth, we relished the chance to converse with attendees and gain insights into their day-to-day tasks. The networking opportunities, including a lively happy hour and even bull riding, were a great way to connect with fellow participants. Perhaps next year, someone from our team will take a turn on the bull!
We also had valuable interactions with other vendors, learning about the various products available in the market. Our booth's strategic location near the food and adjacent to the lock-picking table provided both delicious distractions and a fun challenge. After visiting the lock-picking table, we found ourselves handcuffed and were only set free after successfully picking the lock. It was a fun and educational experience.
Overall, our experience at LASCON exceeded our expectations. If you haven't attended before, we highly recommend it. For those who have, we hope to see you again next time. We're also eagerly anticipating the theme for next year, as the Game of Vuln shirts and artwork were truly impressive!