Presentation: Securing Serverless – By Breaking In
Share this on:
Abstract
Serverless rocks the security boat. Ad-hoc servers we don’t manage rids us of certain security concerns, while the proliferation of cheap micro services raises others. In this talk, we’ll experience these security concerns live. We’ll break into a vulnerable Serverless application and exploit multiple weaknesses, helping you better understand the mistakes you can make, their implications, and how you can avoid them.
How you you describe the persona and level of the target audience?
Mid-senior technical staff - notably in the dev, ops or security - who influence the quality, process or architecture of software being developed. This includes architects, senior developers, managers, and of course application security people.
What do you want “that” persona to walk away from your talk knowing that they might not have known 50 minutes before?
A good understanding of the risks presented by using a Serverless platform for your applications, how they differ from other ops paradigms, and how you can defend yourself from them.
What trend in the next 12 months would you recommend an early adopter/early majority SWE to pay particular attention to?
The growth in adoption of DevSecOps practices. As DevOps helps us accelerate our business, it’s increasingly clear that security is either the bottleneck or is left behind, neither is a good option. The imperfect “DevSecOps” buzzword embodies security practices that we can integrate into the software development process without slowing it down.
Similar Talks
Tracks
Monday, 5 March
-
Leading Edge Backend Languages
Code the future! How cutting-edge programming languages and their more-established forerunners can help solve today and tomorrow’s server-side technical problems.
-
Security: Red XOR Blue Team
Security from the defender's AND the attacker's point of view
-
Microservices/ Serverless: Patterns and Practices
Stories of success and failure building modern service and function-based applications, including event sourcing, reactive, decomposition, & more.
-
Stream Processing in the Modern Age
Compelling applications of stream processing & recent advances in the field
-
DevEx: The Next Evolution of DevOps
Removing friction from the developer experience.
-
Modern CS in the Real World
Applied trends in Computer Science that are likely to affect Software Engineers today.
-
Speaker AMAs (Ask Me Anything)
Tuesday, 6 March
-
Next Gen Banking: It’s not all Blockchains and ICOs
Great technologies like Blockchain, smartphones and biometrics must not be limited to just faster banking, but better banking.
-
Observability: Logging, Alerting and Tracing
Observability in modern large distributed computer systems
-
Building Great Engineering Cultures & Organizations
Stories of cultural change in organizations
-
Architectures You've Always Wondered About
Topics like next-gen architecture mixed with applied use cases found in today's large-scale systems, self-driving cars, network routing, scale, robotics, cloud deployments, and more.
-
The Practice & Frontiers of AI
Learn about machine learning in practice and on the horizon
-
JavaScript and Beyond: The Future of the Frontend
Exploring the great frontend frameworks that make JavaScript so popular and theg JavaScript-based languages revolutionising frontend development.
-
Speaker AMAs (Ask Me Anything)
Wednesday, 7 March
-
Distributed Stateful Systems
Architecting and leveraging NoSQL revisitied
-
Operating Systems: LinuxKit, Unikernels, & Beyond
Applied, practical, & real-world deep-dive into industry adoption of OS, containers and virtualisation, including Linux on Windows, LinuxKit, and Unikernels
-
Architecting for Failure
If you're not architecting for failure you're heading for failure
-
Evolving Java and the JVM: Mobile, Micro and Modular
Although the Java language is holding strong as a developer favourite, new languages and paradigms are being embraced on JVM.
-
Tech Ethics in Action
Learning from the experiences of real-world companies driving technology decisions from ethics as much as technology.
-
Bare Knuckle Performance
Killing latency and getting the most out of your hardware
-
Speaker AMAs (Ask Me Anything)