On 19 July 2019, somewhere in a house in Seattle, a 33-year-old woman named Paige Thompson sat behind her laptop. She was angry. She had just been fired from Amazon Web Services, where she had worked as a senior engineer for years. She had learned the access conventions of AWS inside and out — especially the ways customers misconfigure their environments. And she was at that moment scanning, systematically, for misconfigured Web Application Firewalls she could persuade via a technique called Server-Side Request Forgery to hand her their internal credentials.
"We use AWS so we're secure"
Premium member benefits
Enjoyed this essay? There are more where it came from.
Members get the complete premium library — templates, runbooks, threat briefings and long-form essays — plus one free premium assessment every month.