Securing serverless by breaking in

Simon Maple, Snyk

Serverless rocks the security boat. Ad-hoc servers we don’t manage rids us of certain security concerns, while the proliferation of cheap microservices raises others.

In this talk, we’ll experience these security concerns live. We’ll break into a vulnerable Serverless application and exploit multiple weaknesses, helping you better understand the mistakes you can make, their implications, and how you can avoid them.

Objective of the talk

Show the audience that security issues can still exist in a serverless environment, despite the platform being managed by providers. These can exist in the applications as well as poor deployment scripting and configurations. We’ll look through many different security holes and explain their fixes.

Required audience experience

Understanding of serverless and the serverless framework is important

Track 1
Location: Date: November 7, 2019 Time: 10:55 am - 11:40 am Simon Maple, Snyk Simon Maple, Snyk