Serverless Security: A Practitioners Guide

Logo
Presented by

Nithin Jois, Solutions Engineer at we45 & Tal Melamed, Check Point Software

About this talk

What’s NOT news is that Serverless (or ‘OS’less) technology is rapidly expanding. Product architecture and engineering are predominantly rooting for serverless adoption due to the underlying abstraction that the technology provides enabling them to focus on writing code without having to worry about all the necessary techOps layer beneath the code. This also allows them to integrate cloud apps with lower cost and operational efficiency. However, as with the adoption of any lucrative technology, comes its fair share of “ifs and buts” of security considerations. Like any developer driven technology (i.e. containers and VMs), securing serverless is critical. In addition to fundamental visibility and control gaps, securing serverless deployments requires newer approaches and techniques as compared to traditional application stacks. Ironically, the advantages realized by transferring responsibility of scalable and high performing infrastructures to Amazon, Google, Microsoft, etc., results in an equal responsibility of code security. Specifically, the integrity and assurance of the code, identities of the code and developers, permissioning, and serverless configuration, including network connectivity. In this webinar, we take a closer look at the OWASP Serverless Top 10 project- a practical guide that baselines the OWASP Top 10 in serverless deployments. The project introduces developers and security practitioners to the most common attack surfaces that serverless applications are susceptible to. We love being hands-on, and will therefore also demonstrate the following vulnerabilities for a more in-depth and practical understanding. •Functional Data Event Injection •XML Entities and Deserialization Attacks •ReDoS Attack Key Takeaways 1.Areas of security concerns in serverless deployments 2.Potential attack surfaces of typical serverless applications 3.The OWASP Serverless Top 10 4.Practical Attack Demonstrations
Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (347)
Subscribers (52787)
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to corporate enterprises and governments globally. Check Point Infinity’s portfolio of solutions protects enterprises and public organizations from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other threats. Infinity comprises three core pillars delivering uncompromised security and generation V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and datacenters, all controlled by the industry’s most comprehensive, intuitive unified security management; Check Point Horizon, a prevention-first security operations suite. Check Point protects over 100,000 organizations of all sizes.