Wiz

Meet the Wiz Research team at fwd:cloudsec

We invite you to attend Wiz Research's four technical sessions as well as the Wiz party at Flight Club Boston.

Jordan Fylonenko
2 min read

Attending fwd:cloudsec on July 25th? Be sure to check out one of our Research Team’s four sessions during the conference. Wiz is proud to have a series of sessions to explore how we discovered cloud vulnerabilities that affected thousands of cloud customers and organizations.

Meet us at our booth

Visit us at our table onsite where our Wiz Research Team will be available to answer any questions you have about the numerous research pieces they’ve published, including ChaosDB and OMIGOD.

Attend one of our sessions

  • Monday, July 25, 17:30 – 18:15 ET: “ Shifting Right” with policy code - In this talk, you'll learn the basics of policy-as-code, see some real-world examples, and learn how to get started applying the technology and techniques in your own environment.

  • Monday, July 25, 16:45 – 17:30 ET: We built a community of cloud vulnerability database, now what? - We will review the weaknesses of the cloud that the new central database unveils, and present novel findings about the security impact that the lack of an established cloud vulnerabilities model results in. We will make the case for extending the current CVE model to be more cloud friendly as the current model is broken and call everyone to join the movement for change.

  • Monday, July 25, 9:20 – 10:00 ET : Cloudy With a Chance of Vulnerabilities – Finding and exploiting vulnerabilities in the cloud - In this session, we share the methodologies and internally developed strategy we used to successfully uncover multiple critical vulnerabilities and design issues in the core of major CSPs. Covering the whole research process - from choosing a target to exploiting a remote code execution vulnerability on a managed service, we will explain how we found issues that affected thousands of cloud customers and organizations.

  • Monday, July 25, 16:00 – 16:20 ET: Secret Agents: Demystifying (and Pwning) Cloud Middleware - In this session, we will unveil new research on the unseen risk of "cloud middleware" - the proprietary software that bridges customers' virtual machines and cloud service providers' integrations. We found that this software is commonly installed on customers' virtual machines without the customer’s awareness or explicit consent and can often introduce new potential attack surfaces to cloud environments.

Wind Down with Wiz

Monday, July 25, 5:30 – 8:30pm ET

@ Flight Club Boston

Come join Wiz at Flight Club for an evening of darts and drinks after fwd:cloudsec. You’ll have an opportunity to mingle with our Research Team after their sessions, connect with peers, play some darts, and enjoy some food and drink at the infamous Flight Club! Reserve your spot here.

We hope to see you in Boston!

Tags:
#News

Secure everything you build and run in the cloud

Organizations of all sizes and industries use Wiz to rapidly identify and remove the most critical risks in AWS, Azure, GCP, OCI, and Kubernetes so they can build faster and more securely.

Get a demo

Continue reading

Wiz extends CNAPP leadership with protection for Alibaba Cloud

Oron Noah
Support for Alibaba Cloud follows just weeks after launch of Oracle Cloud Infrastructure (OCI) integration, providing organizations the broadest coverage of any cloud native application protection platform (CNAPP)

The cloud gray zone—secret agents installed by cloud service providers

Nir Ohfeld, Shir Tamari
Wiz Research builds upon previous “OMIGOD” findings with a presentation at RSA Conference 2022; details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors

A new vision for cloud security unites builders and defenders

Yinon Costica
Our introduction of attack path analysis (APA) and Cloud Detection and Response (CDR) further enriches the context provided by our foundational Wiz Security Graph.