A Deep Dive into Serverless Attacks, SLS-2: Broken Authentication

Thanks for joining me for the second post in the series, covering Broken Authentication from the OWASP Serverless Top 10. In the previous post I discussed what might be the most concerning attack on every platform – injections. The post demonstrated the changes in attack surface when moving from a perimeter-based entry point in traditional monolithic applications […]

PODCAST: AWS iRobot & Making it Someone Else’s Problem

For this episode, Hillel and Tal from Protego were joined by Ben Kehoe, a cloud robotics research scientist at iRobot and an AWS Serverless Hero. Ben’s AWS iRobot Serverless Experience Ben explained, “iRobot, we’ve been making the Roomba since 2002. In 2015, we launched our first connected Roomba. We had a business that was at […]

Here Come Botnets – Serverless Botnets Security

Serverless computing continues to grow as cloud consumers expand their use of technologies like AWS Lambda and Google Cloud Functions. Serverless functions are ephemeral by nature, which not only creates a paradigm shift in application architecture but also strengthens application security. And what about serverless botnets security? It’s tempting to imagine that this […]

A Deep Dive into OWASP TOP TEN – Serverless Attacks, SLS-1: Event Injection

The OWASP Serverless Top Ten project was just launched. It aims to educate practitioners and organizations about the consequences of the most common serverless application security vulnerabilities, as well as to provide basic techniques to identify and protect against them. The Top 10 project is scheduled for a first official release in Q2 2019 and will […]

PODCAST: Serverless Startups & More

For this episode, Hillel and Tal from Protego were joined by Mike Atkins, a distributed systems engineer at LaunchDarkly. Mike explained, “LaunchDarkly makes it easy to put flags anywhere in your application. Normally, people think of flags as something they use to manage their features, so they can deliver new features to customers in a […]

Security in Serverless Architecture – Your Security Just Might Kill Your Serverless

Security in Serverless Architecture – Your Security Just Might Kill Your Serverless by Protego Labs CTO and co-founder Hillel Solow was originally published in The New Stack. Let me start with an anecdote. In the midst of a fascinating discussion with the security person in a large company that has embraced serverless, I asked her […]

Security For Web Developers

This two-part article by Protego Labs CTO and co-founder Hillel Solow was originally published in DEVOPSdigest. Securing cloud native applications presents an interesting challenge. Cloud native application developers view the cloud as an operating system, and they write for and run on that operating system. When it comes to security, this means spending time configuring […]

PODCAST: John Visneski from The Pokémon Company on Adopting Serverless

The second episode of The Serverless Show is available above on video as well as on SoundCloud, and summarized below. For this episode, Hillel and Tal from Protego Labs were joined by John Visneski. John is currently the Director of Information Security & Data Protection Officer at The Pokémon Company International, where he is responsible […]

Securing Serverless Apps: 3 Critical Tasks in 3 Days

Securing serverless applications requires three critical components. Read the original article published in Dark Reading and written by Protego Labs CTO and co-founder Hillel Solow. Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone. […]