BSidesSF 2017 has ended
Sunday, February 12 • 11:45am - 12:15pm
Reducing “Mixtape to Master Key” Scenarios: How to block the Dark Army from mayhem using API-driven access control


After a tenure of a year or two at many companies, a senior engineer’s access level is often maxed out. He or she probably has full root permissions across the entire infrastructure. We call these privileges ‘master keys’ and, just like a building’s master key, they are very dangerous if they fall into the wrong hands.

Instead, privileged access should be granted only on a temporary basis. Sometimes this means requesting increased access from a manager or a peer. But sometimes the increased access can be inferred from another input. For example, sudo permissions can be automatically granted and revoked in accordance with an on-call schedule. Or a Jira ticket must be open and approved before a user can log into a sensitive database for scheduled maintenance.

This talk will cover how to quickly and easily build API-driven access control into your environment and eliminate your “master keys”.
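
A minimal sketch of the decision logic the abstract describes, added here as an illustration and not taken from the talk or from Foxpass: access is derived from an on-call schedule or an approved ticket, and every grant carries an expiry so revocation is automatic. The record shapes, field names, ticket keys and users are constructed assumptions; a real deployment would fetch them from its scheduling and ticketing APIs.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Shift:                      # one on-call rotation entry
    user: str
    start: datetime
    end: datetime

@dataclass(frozen=True)
class Ticket:                     # hypothetical fields, not a real Jira schema
    key: str
    assignee: str
    status: str
    resource: str
    window_start: datetime
    window_end: datetime

@dataclass(frozen=True)
class Grant:
    user: str
    privilege: str
    expires: datetime
    reason: str

def evaluate(user, privilege, now, shifts, tickets, max_ttl=timedelta(hours=8)):
    """Return a time-boxed Grant derived from external inputs, or None (default deny)."""
    if privilege == "sudo":
        for s in shifts:
            if s.user == user and s.start <= now < s.end:
                return Grant(user, privilege, min(s.end, now + max_ttl), "on-call shift")
    elif privilege.startswith("db:"):
        for t in tickets:
            if (t.assignee == user and t.status == "Approved"
                    and t.resource == privilege[3:]
                    and t.window_start <= now < t.window_end):
                return Grant(user, privilege, min(t.window_end, now + max_ttl), "ticket " + t.key)
    return None

def is_active(grant, now):
    """Enforcement points re-check expiry, so revocation needs no manual step."""
    return grant is not None and now < grant.expires

def at(hour, minute=0):           # constructed sample clock: 2017-02-12, UTC
    return datetime(2017, 2, 12, hour, minute, tzinfo=timezone.utc)

SHIFTS = [Shift("alice", at(9), at(17))]                       # constructed sample data
TICKETS = [Ticket("OPS-1", "bob", "Approved", "billing-db", at(12), at(13)),
           Ticket("OPS-2", "carol", "Open", "billing-db", at(12), at(13))]
```

The grant's expiry is capped by both the shift or maintenance window and `max_ttl`, so a long rotation cannot turn back into a standing privilege.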

Aren Sandersen

Founder, Foxpass
Aren Sandersen has had engineering, operations, and security roles at various startups for the last 15 years. He founded Foxpass in 2015 to bring enterprise security practices to companies of all sizes.

Sunday February 12, 2017 11:45am - 12:15pm PST