Hunting for Amazon Cognito Security Misconfigurations

Date

August 25, 2023

Time

15:30

Track

Track 1

Amazon Cognito is an AWS service that’s becoming increasingly popular in modern apps, as it provides a complete solution for authentication, authorization, and user management. However, its implementation can easily be misconfigured, leaving the door open to various cyber attacks. In this talk, we’ll go over some of these security misconfigurations and how to test for them, whether you’re doing a security audit or bug bounty hunting. We’ll then present a case study of a zero-interaction account takeover on Flickr and provide practical tips for developers on how to mitigate and avoid these misconfigurations.

Hacker Advisory Board

HackerOne

Yassine Aboukir is a principal security consultant specializing in application and cloud security, working with organizations from various industries. Yassine is also a proficient bug bounty hunter who actively hacks on the HackerOne platform, where he’s a member of the hacker advisory board and globally ranked in the top 20 hackers; he won the MVH title and 1st place at the H1-303 live hacking event held in Denver. He has spoken at various international security conferences and enjoys meeting and connecting with like-minded people.