
Published on July 5th, 2019

OWASP Serverless Top 10 – TAL MELAMED





OWASP Global AppSec Tel Aviv
https://telaviv.appsecglobal.org/

In moving to serverless, we shift some security responsibilities to the infrastructure provider by eliminating the need to manage servers. Unfortunately, that doesn’t mean we’re entirely absolved of all security duties. Serverless functions still execute code and can still be vulnerable to application-level attacks. As a new type of architecture, serverless presents new security challenges. Some are the same as in traditional application development, but some take a new form. Attackers are thinking differently, and developers must do so as well to gain the upper hand.

In this talk, I will dive into the Top 10 risks of the OWASP Serverless Top 10 project. I will discuss why these risks are different from traditional attacks and how we should protect our application against them. I will also introduce OWASP DVSA, a deliberately vulnerable tool, aiming to assist both security professionals and developers to better understand the implications and processes of serverless security.

Tal Melamed
Head of Security Research, Protego Labs
In the past year, Tal Melamed has been experimenting in offensive and defensive security for serverless technology, as part of his role as Head of Security Research at Protego Labs. Specializing in AppSec, he has more than 15 years of experience in security research and vulnerability.






Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project
