Serverless Security: Attack & Defense

Abstract

In this talk I’m going to show you various attack vectors against serverless applications built from AWS Lambda functions. You can expect the following:

* my findings on publishing malicious NPM packages to smuggle malicious code into legitimate-looking dependencies

* examples of validation errors in serverless applications, including Denial of Wallet attacks and RCE in a fugacious, serverless environment

* insecure defaults in the Serverless Framework

* serverless attacks and security nuances in Azure and GCP

* recipes to prevent those attacks

* lots of demos

* lots of fun 🙂

LOCATION: TRACK 2

DATE: July 25, 2020

TIME: 09:00 PM - 10:00 PM (GMT +8)

Pawel Rzepa
