2023-10-15 –, WestIn - Partenkirchen
During a recent security assessment of Storebrand's modern environment hosted on Azure, the offensive team identified several attack vectors from the Internet that could compromise the organization's assets. Specifically, vulnerabilities were discovered in Atlassian products exposed on the Internet, which could allow attackers to gain unauthorized access to sensitive data. To mitigate these vulnerabilities, the Web Application Firewall (WAF) was re-evaluated and reconfigured to protect Atlassian products. Overall, the offensive team's identification of these attack vectors and recommendation to implement a WAF helped Storebrand's security team improve their security posture and better protect their modern environment.
In this talk we will delve into the valuable insights gained through the exposure of Atlassian products on the Internet. We will discuss the attack vectors identified during the assessment, focusing on real-world examples and the impact they can have on organizations. Misconfigurations were discovered in both 3rd party plugins and the WAF, leading to technical and logical issues that could potentially result in a data breach. Additionally, we will explore the defensive measures that can be implemented to mitigate these risks, including a proper use of Web Application Firewall (WAF) and secure configuration practices. Attendees of this talk will leave with a deeper understanding of the potential consequences of exposing Atlassian on the internet and practical strategies for enhancing the security of their own deployments.
Atlassian, WAF, SSO, bypass, plugins, impact
Oleksandr, an Offensive Security Manager at Storebrand, brings over 15 years of extensive experience in information security to his role. With a background in cryptography and holding a PhD in the field, he possesses deep expertise and knowledge in securing digital systems and data. In his current position, Oleksandr is entrusted with the responsibility of managing and strengthening offensive security initiatives at Storebrand. Through his leadership and expertise, he has significantly contributed to enhancing Storebrand's security posture and providing a comprehensive understanding of the organization's corporate risks and vulnerabilities.