In moving to serverless, we shift some security responsibilities to the infrastructure provider by eliminating the need to manage servers. Unfortunately, that doesn’t mean we’re entirely absolved of all security duties. Serverless functions still execute code and can still be vulnerable to traditional application-level attacks. As a new type of architecture, serverless presents new security challenges. Some are equal to traditional application development, but some take a new form.
In this talk, Tal Melamed will examine how the original Top 10 stack up for serverless apps based on the OWASP Serverless Top 10 project and why they are different from traditional attacks in attack vectors and defense techniques. Tal will also introduce the Damn Vulnerable Serverless Application (DVSA), a deliberately vulnerable, open-source tool, aiming to be an aid for both security professionals and developers to better understand the implications and processes of serverless security.
Tuesday, February 12, 5:00 PM to 8:00 PM in Tel Aviv. Register via Meetup.