Serverless Security: A Practitioners Guide

Presented by

Nithin Jois, Solutions Engineer at we45 & Tal Melamed, Check Point Software

About this talk

What’s NOT news is that Serverless (or ‘OS’less) technology is rapidly expanding. Product architecture and engineering are predominantly rooting for serverless adoption due to the underlying abstraction that the technology provides, enabling them to focus on writing code without having to worry about all the necessary techOps layer beneath the code. This also allows them to integrate cloud apps with lower cost and operational efficiency.

However, as with the adoption of any lucrative technology, there comes its fair share of “ifs and buts” of security considerations. Like any developer-driven technology (i.e. containers and VMs), securing serverless is critical. In addition to fundamental visibility and control gaps, securing serverless deployments requires newer approaches and techniques as compared to traditional application stacks. Ironically, the advantages realized by transferring responsibility for scalable and high-performing infrastructure to Amazon, Google, Microsoft, etc., result in an equal responsibility for code security: specifically, the integrity and assurance of the code, identities of the code and developers, permissioning, and serverless configuration, including network connectivity.

In this webinar, we take a closer look at the OWASP Serverless Top 10 project, a practical guide that baselines the OWASP Top 10 in serverless deployments. The project introduces developers and security practitioners to the most common attack surfaces that serverless applications are susceptible to. We love being hands-on, and will therefore also demonstrate the following vulnerabilities for a more in-depth and practical understanding.

• Functional Data Event Injection
• XML Entities and Deserialization Attacks
• ReDoS Attack

Key Takeaways

1. Areas of security concerns in serverless deployments
2. Potential attack surfaces of typical serverless applications
3. The OWASP Serverless Top 10
4. Practical Attack Demonstrations
