云攻击模拟：利用攻击者的优势实现有效防御.pdf

《云攻击模拟：利用攻击者的优势实现有效防御.pdf》由会员分享，可在线阅读，更多相关《云攻击模拟：利用攻击者的优势实现有效防御.pdf（49页珍藏版）》请在三个皮匠报告上搜索。

1、Be Secure.Be Resilient.Cloud Attack Emulation-Leveraging the Attackers Advantage for Effective DefenseKennedy TorkuraCo-Founder&CTOMitigant1About MeBe Secure.Be Resilient.CTO/co-founder Mitigant 12+years in cyber security Doctoral research Various cloud security positions A pioneer of Security Chaos

2、 Engineering 5x AWS Community Builder 2Agenda The Attackers Perspective Aspects of Cloud Attack Emulation:Threat Detection Validation Incident response exercises Purple/Red teaming Automated Penetration Testing Security for GenAI Threat-Informed Defense Conclusion3If you know the enemy and know your

3、self,you need not fear the result of a hundred battles.If you know yourself but not the enemy,for every victory gained you will also suffer a defeat.If you know neither the enemy nor yourself,you will succumb in every battle.-Sun Tzu 4The Attackers Perspective Strive to view your infrastructure with

4、 the lens of an attacker in order to identify gaps.Assume breach mindset.The view point results in passive and active outcomes Passive-threat modelling,table top exercises(mostly qualitative)Active-security assessments,penetration testing,bug bounty programs,red/purple teaming,threat hunting,risk as

5、sessments(mostly quantitative)Compliance!=Security567Testing in Software Engineering Target/Focus:UsersAim:Provide the best user experience.Unit tests Integration tests Smoke tests Load tests Performance tests A/B testshttps:/ in Software Engineering Target/Focus:UsersAim:Provide the best user exper

6、ience.Unit tests Integration tests Smoke tests Load tests End-to-End tests A/B testshttps:/ in CybersecurityTarget/Focus:AttackersAim:To keep organizations safe Penetration testing Web Application tests Red/Purple teaming exercises Adversary emulation Bug bounty programs API Security Testing10Limita