
Protego Labs, Serverless Security

  • Serverless Security: A Practitioner's Guide
    Nithin Jois, Solutions Engineer at we45 & Tal Melamed, Head of Security at Protego Recorded: Jun 19 2019 54 mins
    What’s NOT news is that Serverless (or ‘OS’less) technology is rapidly expanding. Product architecture and engineering teams are predominantly rooting for serverless adoption because of the abstraction the technology provides, enabling them to focus on writing code without having to worry about the TechOps layers beneath it. This also allows them to integrate cloud apps at lower cost and with greater operational efficiency.

    However, as with the adoption of any lucrative technology, serverless comes with its fair share of “ifs and buts” in security considerations. As with any developer-driven technology (e.g. containers and VMs), securing serverless is critical. In addition to fundamental visibility and control gaps, securing serverless deployments requires newer approaches and techniques compared to traditional application stacks. Ironically, the advantages realized by transferring responsibility for scalable, high-performing infrastructure to Amazon, Google, Microsoft, etc. come with an equal responsibility for code security: specifically, the integrity and assurance of the code, the identities of the code and its developers, permissioning, and serverless configuration, including network connectivity.

    In this webinar, we take a closer look at the OWASP Serverless Top 10 project, a practical guide that baselines the OWASP Top 10 in serverless deployments. The project introduces developers and security practitioners to the most common attack surfaces that serverless applications are susceptible to. We love being hands-on, and will therefore also demonstrate the following vulnerabilities for a more in-depth and practical understanding.
    • Functional Data Event Injection
    • XML Entities and Deserialization Attacks
    • ReDoS Attack

    Key Takeaways
    1. Areas of security concern in serverless deployments
    2. Potential attack surfaces of typical serverless applications
    3. The OWASP Serverless Top 10
    4. Practical attack demonstrations
  • AWS Lambda & Serverless: Making It the Best Thing that Happened to AppSec
    Mike Deck, Principal Solutions Architect, Amazon Web Services (AWS); Hillel Solow, CTO, Protego Labs Recorded: Jun 12 2019 58 mins
    Serverless migration continues to increase as companies across industries have recognized the operational benefits. What are their secrets to success?

    In this webinar we will present adoption trends and highlight case studies of customers who've made the leap to go serverless first. We will discuss common application threats and the tools and techniques you can use to mitigate them using serverless architectures, so you are armed with best practice strategies to make serverless truly the best thing that ever happened to AppSec in your organization.
  • The Future of Serverless – Is Google Cloud Run a Step Back, Forward, or Sideways
    Hillel Solow, CTO & Co-founder, Protego Labs, and Erica Windisch, CTO and Co-Founder, IOpipe Recorded: May 28 2019 8 mins
    In part 2 of the latest #Serverless Show, Hillel Solow, CTO & Co-founder, Protego Labs, and Erica Windisch, CTO and Co-Founder, IOpipe, discuss:
    - Why it's good that Google created constraints that force you to build your app a certain way
    - How Erica wants Google to step up & get #GoogleCloud Functions mature
    - How Hillel thinks you should have to get your #CloudNative license

    You can also read the summary on our blog.
    https://www.protego.io/the-future-of-serverless-is-google-cloud-run-a-step-back-forward-or-sideways/
  • The Serverless Show Ft. Erica Windisch
    Hillel Solow, CTO & Co-founder, Protego Labs, and Erica Windisch, CTO and Co-Founder, IOpipe Recorded: May 28 2019 8 mins
    In the latest Serverless Show, Hillel Solow, CTO & Co-founder, Protego Labs, and Erica Windisch, CTO and Co-Founder, IOpipe, discuss:
    - The complexity of cloud provider SLAs
    - The importance of building robust app architecture to design around failures
    - The key metrics for serverless observability
    You can also read the summary on our blog.
    https://www.protego.io/the-serverless-show-ft-erica-windisch/
  • Is Serverless Ready for Mission-Critical Apps?
    Hillel Solow, CTO & Co-founder, Protego Labs, and Erica Windisch, CTO and Co-Founder, IOpipe Recorded: May 28 2019 11 mins
    In part 3 of the latest #Serverless Show, Hillel Solow, CTO & Co-founder, Protego Labs, and Erica Windisch, CTO and Co-Founder, IOpipe, discuss:
    - How to build in resiliency & #redundancy in multiple layers for mission-critical apps
    - Serverless apps tend to be more secure, not less
    - Favorite tweets
    You can also read the summary on our blog.

    https://www.protego.io/is-serverless-ready-for-mission-critical-apps/
  • The Serverless Show Favorite Tweets - DO ALL THE CLOUDS!
    Hillel Solow, CTO & Co-founder, Protego Labs + Ran Ribenzaft, Co-Founder & CTO, Epsagon Recorded: Apr 29 2019 7 mins
    In part 4 of the Serverless Show, Hillel Solow, CTO & Co-founder, Protego Labs, and Ran Ribenzaft, Co-Founder & CTO, Epsagon, discuss:
    -- What to do instead of trying to do all of the cloud
    -- Benchmarks & stats about the services that we use
    -- Research from Epsagon and the risk of picking a random function timeout duration

    You can also read the summary on our blog.
    https://www.protego.io/the-serverless-show-favorite-tweets-do-all-the-clouds/
  • The Serverless Show, Google Cloud Run + The Serverless Spectrum
    Hillel Solow, CTO & Co-founder, Protego Labs + Ran Ribenzaft, Co-Founder & CTO, Epsagon Recorded: Apr 29 2019 5 mins
    In part 3 of the Serverless Show, Hillel Solow, CTO & Co-founder, Protego Labs, and Ran Ribenzaft, Co-Founder & CTO, Epsagon, discuss:
    -- Google Cloud Run
    -- The serverless gray boundary we're starting to see
    -- How the Epsagon tracer will show you distributed tracing that spans over multiple resources

    You can also read the summary on our blog.
    https://www.protego.io/the-serverless-show-google-cloud-run-the-serverless-spectrum/
  • The Serverless Show, UC-Berkeley on The Rise of Serverless Computing
    Hillel Solow, CTO & Co-founder, Protego Labs + Ran Ribenzaft, Co-Founder & CTO, Epsagon Recorded: Apr 29 2019 7 mins
    In the latest Serverless Show, Hillel Solow, CTO & Co-founder, Protego Labs, and Ran Ribenzaft, Co-Founder & CTO, Epsagon, discuss:

    -- Serverless will adapt to the scenarios & use cases we're doing - not vice versa
    -- The paradigm of not managing infrastructure is going to be ubiquitous
    -- Ran wants to stop everyone who says, “Serverless costs a lot”

    You can also read the summary on our blog.
    https://www.protego.io/the-serverless-show-uc-berkeley-on-the-rise-of-serverless-computing/
  • The Serverless Show, Ft. Ran Ribenzaft
    Hillel Solow, CTO & Co-founder, Protego Labs + Ran Ribenzaft, Co-Founder & CTO, Epsagon Recorded: Apr 29 2019 10 mins
    In the latest Serverless Show, Hillel Solow, CTO & Co-founder, Protego Labs, and Ran Ribenzaft, Co-Founder & CTO, Epsagon, discuss:

    -- How serverless observability breeds confidence & complexity
    -- Serverless is a good way to shine a spotlight on existing problems
    -- Security challenges get amplified
    -- Hitting the wall in observability

    You can also read the summary on our blog.
    https://www.protego.io/the-serverless-show-ft-ran-ribenzaft/
  • Anatomy of a Serverless Injection Attack - Step by Step
    Tal Melamed, Head of Security Research, Protego Labs Recorded: Nov 7 2018 33 mins
    The OWASP Serverless Top 10 project has launched. The upcoming report will evaluate the Top 10 for serverless environments, explaining and demonstrating the differences in attack vectors, defense techniques, and business impact.

    Join us for this webinar to learn about what might be the biggest change, and the most concerning one: injection attacks. Protego’s Head of Security Research will show you what a serverless injection attack really looks like, using code regularly found in the wild.

    Key Takeaways:
    -- See a Slack bot serverless injection attack in action
    -- View serverless attacks from the attacker’s and the defender’s points of view
    -- Learn about the goal of the ongoing OWASP Serverless Top 10 project
