Sankalp Sandeep Paranjpe

DevSecOps Engineer | AWS Community Builder | Former AWS Cloud Captain | AWS UG Pune Volunteer Lead

Pune, India

Sankalp Sandeep Paranjpe is a DevSecOps Engineer, AWS Community Builder, Volunteer Lead at AWS User Group Pune, and former AWS Cloud Club Captain. He is deeply passionate about cloud security and thrives at the intersection of security and community, designing secure, scalable systems while enabling others to grow through knowledge sharing.

He has delivered talks and workshops at AWS Summit, AWS Community Days, Serverless Days, AWS User Group meetups, AWS Student Community Days, and BSides Security conferences, covering topics around cloud security and DevSecOps. His sessions emphasize practical approaches and hands-on insights that attendees can directly apply in their own environments.

Beyond speaking, Sankalp actively contributes to the AWS community. He has volunteered at and co-organized AWS Community Days and AWS User Group Pune meetups, helping bring builders together to exchange ideas and strengthen the local cloud ecosystem.

He also writes blogs on AWS security and DevSecOps practices, documenting his experiences and sharing learnings with a wider audience.

Sankalp continues to build at the crossroads of security, cloud, and community, always looking for ways to create meaningful impact.

Email id: sankalpparanjpe.sp@gmail.com
LinkedIn: https://www.linkedin.com/in/sankalp-s-paranjpe/

Area of Expertise

  • Information & Communications Technology

Topics

  • AWS
  • AWS DevOps
  • AWS Security
  • DevSecOps
  • CloudSecurity
  • AI/ML
  • GenAI
  • GenAI Security
  • AI/ML Engineering

Platform Security Engineering: Designing Guardrails Without Slowing Developers

Kubernetes platforms often expose a growing tension between security requirements and developer speed. Review-based security models do not scale, platform teams become bottlenecks, and controls are bypassed in the name of delivery. This session presents Platform Security Engineering as an operating model that embeds security into the platform through guardrails rather than approval gates.

The talk combines technical architecture and organizational strategy, covering how identity boundaries, workload policies, and secure defaults were implemented as platform capabilities, and how roles, ownership, and expectations between platform, security, and engineering teams evolved. It also discusses business and engineering trade-offs, resistance encountered, and lessons from failures.

Attendees will gain practical approaches for reducing risk while maintaining developer velocity, and insights into aligning platform security decisions with organizational goals.

Securing AI Agents 101: An Introduction to Bedrock AgentCore Identity

Move beyond chatbots to agents that "act." This session introduces Amazon Bedrock AgentCore Identity, exploring AWS-native "Workload Identities" and secure "Acting on Behalf" workflows.

Live AWS Demo: An agent hosted on AgentCore Runtime that manages external resources. See how IAM resource-based policies allow it to read data while strictly blocking destructive actions. The demo implements OAuth 2.0 delegation, Amazon Cognito inbound auth, and the Resource Token Vault with AWS KMS encryption.

Serverless Under Siege: Hacking AWS Lambda Functions and Beyond

As serverless architectures continue to gain popularity for their scalability and cost-effectiveness, understanding the unique security challenges they present is crucial.

In this talk, titled "Serverless Under Siege: Hacking AWS Lambda Functions and Beyond," we'll shine a light on the vulnerabilities present in AWS Lambda functions. From injection attacks to misconfigured permissions, we'll dissect the various entry points that hackers exploit to gain unauthorized access or disrupt the system. We'll explore AWS serverless environments and identify common vulnerabilities that threaten the integrity and confidentiality of your applications.

We'll look at how services like AWS Lambda, API Gateway, and AWS Cognito can be used to create and exploit these vulnerabilities. But it's not all about threats—this talk will also provide you with practical strategies and best practices for securing your serverless applications against potential attacks.

OWASP MCP Top 10: A Practical Security Guide for MCP Builders

MCP adoption has outpaced security. An audit of 17 popular MCP servers found an average security score of 34 out of 100. Tool poisoning attacks succeed at 84.2% with auto-approval enabled. Over 30 CVEs have been filed against MCP implementations in the past 60 days. The first confirmed malicious MCP server, postmark-mcp, silently BCC'd every outgoing email to an attacker-controlled address for weeks before detection.

OWASP responded with the MCP Top 10, a structured threat taxonomy purpose-built for the protocol. This talk is a practitioner's walkthrough of all ten risks, not a slide-read, but a builder's guide to what each risk looks like in a real MCP deployment, how it gets exploited, and what a concrete fix looks like in code.

We cover token mismanagement and secret exposure, prompt injection via tool responses, tool poisoning through malicious descriptions, excessive permissions, insecure output handling, context over-sharing, missing authentication, rug-pull attacks, shadow MCP servers, and the audit trail gap.

Leave with a pre-deployment security checklist you can run against any MCP server before connecting it to production.

OAuth Isn't Enough: Confused Deputy in Multi-Agent MCP pipeline

OAuth-based authentication is becoming the default foundation for MCP-enabled systems. However, while authentication is standardized, authorization across agent boundaries remains unresolved.

In multi-agent MCP pipelines, orchestrators delegate tasks to sub-agents that act using the user’s authority. This creates a classic confused deputy problem: a sub-agent executes with valid credentials, but under the influence of untrusted inputs such as prompt injections or malicious tool manifests. As a result, it can access or exfiltrate data beyond the user’s original intent.

This talk demonstrates how privilege propagation, not authentication failure, is the core risk.

I will present a three-layer enforcement model:

1) Token attenuation using RFC 8693 to restrict sub-agent privileges at delegation time
2) Policy enforcement using Open Policy Agent to treat every tool call as untrusted input
3) Structured audit trails to ensure post-incident analysis

Live demo: the same MCP pipeline executed twice, first with default delegation (resulting in silent data exfiltration via prompt injection), and then with all three controls applied, where the attack is blocked, logged, and auditable.

Memory Poisoning Attack in AI Agents

Your AI agent's IAM execution role has `dynamodb:PutItem`. One crafted support email, with no credentials and no console access, can use that role to poison your agent's memory store. Three days later, a compliance officer gets a fabricated report. A real $340,000 fraud alert is never surfaced.

This session shows exactly how it works and exactly how to stop it.

We walk through three implemented attack vectors against a production-realistic AWS agent stack: direct input injection through SES, kNN retrieval flooding via OpenSearch, and tool response injection through a compromised Lambda dependency. Every attack runs against real DynamoDB and OpenSearch, no simulations, no hand-waving.

Then we fix it. Five concrete changes: remove `PutItem` from the agent role, gate writes through a validator Lambda, tag every OpenSearch document with provenance metadata, enforce TTL as a security boundary, and add agent-layer CloudWatch instrumentation that surfaces what CloudTrail cannot.

Every defense ships as working Terraform and boto3. Attendees leave with a deployable lab repository and five IAM and code changes they can assign in a sprint.

The core question every team should be asking but isn't: does your agent's execution role have unconditional write access to its memory stores, and what is preventing an attacker from using it?

This talk answers that, with an implementation demo.

From detection to response: Automated Forensic Orchestrator for Amazon EC2 Instances

In today’s cloud-driven world, security breaches remain a persistent risk because the threat landscape keeps evolving. While robust processes and security measures can reduce vulnerabilities, sophisticated attackers continuously exploit new attack vectors, making it essential for organizations to focus on how effectively they can investigate and respond to potential incidents.

This talk is about the Automated Forensics Orchestrator for Amazon EC2 Instances, a powerful, AWS-native framework designed to automate forensic evidence collection, analysis, and reporting. Through real-world case studies and a live demo, we will explore how AWS Security Hub, GuardDuty, Systems Manager, EventBridge, Step Functions, and Lambda functions can be orchestrated to accelerate incident response.

We walk through a real-world attack scenario, demonstrating how the orchestrator:

1) Detects security incidents and triggers automated workflows
2) Isolates compromised EC2 instances to prevent further damage
3) Collects critical forensic evidence (memory dumps, disk snapshots and acquisitions, and logs)
4) Analyzes and correlates attack patterns using AWS-native services
5) Generates actionable forensic reports for remediation

At the end of this session, attendees will have a practical understanding of automating forensic investigations on AWS, ensuring faster response times, improved security posture, and better incident handling capabilities.
