Early-bird Discount
expires in
Register Now

Agenda

Securing Workload Identities: Best Practices for Tokenizing Third-Party API Keys and Access Tokens

Securing Workload Identities: Best Practices for Tokenizing Third-Party API Keys and Access Tokens

Combined Session
Friday, June 07, 2024 13:30—13:50
Location: B 07-08
Watch the video
Log in to download presentations

Stolen secrets and credentials are one of the most common ways for attackers to move laterally and maintain persistence in cloud environments.

Modern cloud deployments employ secrets management systems such as KMS to protect key materials at rest and avoid leaking keys or credentials in source code or other build artifacts. However, secrets are unprotected at runtime, so any vulnerability or compromise of a service could lead to credential theft.

This talk will propose an architecture that, in conjunction with a secret manager, tokenizes secrets and rewrites requests at runtime. Through this approach, application code never directly interacts with key material. Additionally, it enforces stringent access control rules based on Open Policy Agent (OPA) policies for accessing secrets, significantly reducing the blast radius in the event of a security breach.

Vincenzo Iozzo
CEO
SlashID
CEO and Co-founder of SlashID. Previously, Founder & CEO of IperLane (acquired by Crowdstrike). Vincenzo is a Committee Member of the Black Hat Conference Board and was an Associate Researcher...
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch