Injections Without Border: An Anatomy of Serverless Event Injections
Serverless applications have seen a significant rise in adoption in the past year. Along with its advantages, serverless architecture presents new security challenges. Some of these security threats are equal to those we know from traditional application development and some take on a new form.
One particular example is the Injection Attack. Yes, SQL/NoSQL, OS and Code Injection attacks, they all still exist. But, when dealing with a monolithic application we only have one way in. What happens when we move to serverless architecture and we lose the perimeter? Code is no longer executed directly, but is executed through cloud events. Whether it’s a file upload, an email sent, a notification received or a simple log entry.
In this talk, Tal will examine the Serverless #1 Risk: Event Injection, and will demonstrate injection attacks form multiple event types.
Friday, August 9th, 4:00 PM to 5:00 PM in Las Vegas. Register here.