In this talk I’m going to show you various attack vectors against the serverless applications built from AWS Lambda functions. You can expect the following:

* my findings on publishing malicious NPM packages to smuggle malicious code into legitimately looking dependences,

* examples of validation errors in serverless applications, including Denial of Wallet attacks and RCE in a fugacious, serverless environment

* insecure defaults in Serverless framework

* serverless attacks and security nuances in Azure and GCP

* recipes to prevent those attacks

* lots of demos

* lots of fun 🙂/