Automated Security Analysis AWS Clouds

I’m hooked on cloud security, it has a little bit of everything: network security, application security, automation and DevOps . One of my latest cloud security assessments was on a huge AWS account:

  • 500k USD / month billing
  • 2500 EC2 instances
  • 200 RDS instances
  • 2000 IAM users and roles
  • 250 IAM groups
  • 500 security groups

With more than 30 unique vulnerability types identified in a couple of weeks the assessment went really well, but required considerable effort in automating the vulnerability identification, output parsing and report writing.

Scout2, Prowler and CloudMapper were used during the engagement and provided around 70% of the findings. The remaining 30% was identified using custom scripts written in Python and boto, created specifically for the engagement.

MercadoLibre, one of my old customers, organizes a quarterly application security meetup in Buenos Aires. This was the perfect venue to give a talk about my experience with these tools, here are my slides!

Recommended Posts