Ten Steps to Lambda Security

Paul Schwarzenberger, Celidor

Serverless applications can have significant security benefits: for example, the customer no longer needs to patch or update operating systems and platforms. However, serverless architectures can also introduce new risks which, in the worst case, could lead to complete compromise of a customer’s cloud account.

The presenter discusses examples of vulnerable or badly configured serverless functions based on experience and, in a live demonstration, shows how a “bad” Lambda function can lead to compromise of confidential data in the cloud. The 10 Steps to Lambda Security are then presented, providing a practical security checklist for developers implementing serverless architectures in AWS.

Objective of the talk

  • bring to life potential security issues which can be introduced by serverless functions
  • increase awareness of the importance of taking steps to secure serverless applications
  • provide a practical checklist of security controls to reduce risk of data loss and cloud account takeover

Required audience experience

A basic understanding of serverless functions is needed to follow the content of the talk.

You can view Paul’s slides below:

Paul Schwarzenberger – Ten Steps to Lambda Security

Track 1
Location: Mountbatten
Date: November 7, 2019
Time: 1:35 pm - 2:20 pm
Paul Schwarzenberger, Celidor