Due to the increase in cloud-based attacks, we picked three devastating and evasive real-world scenarios to show how attackers can gain access and move laterally in SaaS applications to perform reconnaissance and steal sensitive data. This session will show how attackers can exploit API, administrative, and user session vectors to access data in SaaS applications.

RSA® Conference, the world’s leading information security conferences and expositions, today concluded its 31st annual event at the Moscone Center in San Francisco. The year’s event attracted over 26,000 attendees, including 600+ speakers, 400+ exhibitors, and over 400 members of the media. Throughout the week, attendees networked on the expo floor and participated in keynote presentations, track sessions, tutorials, seminars, and special events.

Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and cybersecurity-focused innovations across crypto and blockchain.

Pain in the Apps — Three Attack Scenarios Attackers Are Using to PWN SaaS

Conference: RSA Conference 2022

Abstract

Post a comment

Related work

Anticipate and Defend Against Advanced Adversaries Targeting SaaS and IaaS

Credential Sharing as a Service: the Dark Side of No Code

Kubernetes to Cloud Attack Vectors: Demos Inside

Insights into Unsecured Kubernetes in the Wild

Controlling the Source: Abusing Source Code Management Systems

The Dark Underbelly of 3rd-Party Application Access to Corporate Data