Presentation: Securing Serverless – By Breaking In

Track: Microservices/ Serverless: Patterns and Practices

Location: Fleming, 3rd flr.

Duration: 1:40pm - 2:30pm

Day of week: Monday

Level: Intermediate - Advanced

Share this on:

Abstract

Serverless rocks the security boat. Ad-hoc servers we don’t manage rids us of certain security concerns, while the proliferation of cheap micro services raises others. In this talk, we’ll experience these security concerns live. We’ll break into a vulnerable Serverless application and exploit multiple weaknesses, helping you better understand the mistakes you can make, their implications, and how you can avoid them.

Question: 

How you you describe the persona and level of the target audience?

Answer: 

Mid-senior technical staff - notably in the dev, ops or security - who influence the quality, process or architecture of software being developed.  This includes architects, senior developers, managers, and of course application security people.

Question: 

What do you want “that” persona to walk away from your talk knowing that they might not have known 50 minutes before?

Answer: 

A good understanding of the risks presented by using a Serverless platform for your applications, how they differ from other ops paradigms, and how you can defend yourself from them.

Question: 

What trend in the next 12 months would you recommend an early adopter/early majority SWE to pay particular attention to?

Answer: 

The growth in adoption of DevSecOps practices.  As DevOps helps us accelerate our business, it’s increasingly clear that security is either the bottleneck or is left behind, neither is a good option.  The imperfect “DevSecOps” buzzword embodies security practices that we can integrate into the software development process without slowing it down.

Speaker: Guy Podjarny

Co-founder @SnykSec, previously CTO @Akamai

Guy Podjarny (@guypod) is a cofounder at Snyk.io, focusing on open source and cloud security. Guy was previously CTO at Akamai following their acquisition of his startup, Blaze.io, and worked on the first web app firewall & security code analyzer. Guy is a frequent conference speaker, the author of "Responsive & Fast”, “High Performance Images” and the upcoming “Securing Open Source Code”.

Find Guy Podjarny at

Similar Talks

Cloud Technology Consultant with an expertise in Serverless Computing
VP Engineering @WeWork
CEO @Skipjaq & Co-Founder of SpringSource
Senior Consulting Engineer @Pivotal

Tracks

Monday, 5 March

Tuesday, 6 March

Wednesday, 7 March