Serverless Security: A Practitioners Guide

Logo
Presented by

Nithin Jois, Solutions Engineer at we45 & Tal Melamed, Check Point Software

About this talk

What’s NOT news is that Serverless (or ‘OS’less) technology is rapidly expanding. Product architecture and engineering are predominantly rooting for serverless adoption due to the underlying abstraction that the technology provides enabling them to focus on writing code without having to worry about all the necessary techOps layer beneath the code. This also allows them to integrate cloud apps with lower cost and operational efficiency. However, as with the adoption of any lucrative technology, comes its fair share of “ifs and buts” of security considerations. Like any developer driven technology (i.e. containers and VMs), securing serverless is critical. In addition to fundamental visibility and control gaps, securing serverless deployments requires newer approaches and techniques as compared to traditional application stacks. Ironically, the advantages realized by transferring responsibility of scalable and high performing infrastructures to Amazon, Google, Microsoft, etc., results in an equal responsibility of code security. Specifically, the integrity and assurance of the code, identities of the code and developers, permissioning, and serverless configuration, including network connectivity. In this webinar, we take a closer look at the OWASP Serverless Top 10 project- a practical guide that baselines the OWASP Top 10 in serverless deployments. The project introduces developers and security practitioners to the most common attack surfaces that serverless applications are susceptible to. We love being hands-on, and will therefore also demonstrate the following vulnerabilities for a more in-depth and practical understanding. •Functional Data Event Injection •XML Entities and Deserialization Attacks •ReDoS Attack Key Takeaways 1.Areas of security concerns in serverless deployments 2.Potential attack surfaces of typical serverless applications 3.The OWASP Serverless Top 10 4.Practical Attack Demonstrations
Related topics:

More from this channel

Upcoming talks (8)
On-demand talks (353)
Subscribers (53840)
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading AI-powered, cloud-delivered cyber security platform provider protecting over 100,000 organizations worldwide. Check Point leverages the power of AI everywhere to enhance cyber security efficiency and accuracy through its Infinity Platform, with industry-leading catch rates enabling proactive threat anticipation and smarter, faster response times. The comprehensive platform includes cloud-delivered technologies consisting of Check Point Harmony to secure the workspace, Check Point CloudGuard to secure the cloud, Check Point Quantum to secure the network, and Check Point Infinity Core Services for collaborative security operations and services.