Presentation: Securing Serverless – By Breaking In
Abstract
Serverless rocks the security boat. Ad-hoc servers we don’t manage rid us of certain security concerns, while the proliferation of cheap microservices raises others. In this talk, we’ll experience these security concerns live. We’ll break into a vulnerable Serverless application and exploit multiple weaknesses, helping you better understand the mistakes you can make, their implications, and how you can avoid them.
How would you describe the persona and level of the target audience?
Mid-senior technical staff - notably in dev, ops or security - who influence the quality, process or architecture of software being developed. This includes architects, senior developers, managers, and of course application security people.
What do you want “that” persona to walk away from your talk knowing that they might not have known 50 minutes before?
A good understanding of the risks presented by using a Serverless platform for your applications, how they differ from other ops paradigms, and how you can defend yourself from them.
What trend in the next 12 months would you recommend an early adopter/early majority SWE to pay particular attention to?
The growth in adoption of DevSecOps practices. As DevOps helps us accelerate our business, it’s increasingly clear that security is either the bottleneck or is left behind; neither is a good option. The imperfect “DevSecOps” buzzword embodies security practices that we can integrate into the software development process without slowing it down.