Serverless Security: Attackers and Defenders | SANS Cloud Security Summit 2019
In serverless applications, the cloud provider is responsible for securing the underlying infrastructure, from the data centers all the way up to the container and run-time environment. This relieves much of the security burden from the application owner, but it also poses many unique challenges when it comes to securing the application layer. In this presentation, we will discuss the most critical challenges related to securing serverless applications, from development to deployment. We will also walk through a live demo of a realistic serverless application that contains several common vulnerabilities, and see how they can be exploited by attackers and how to secure them. We will also use examples from a recent story published in Dark-Reading magazine on how we hacked a real-world serverless application and won the $1,000 bounty!
Ory Segal (@orysegal), CTO, PureSec
View upcoming Summits: http://www.sans.org/u/DuS
Видео Serverless Security: Attackers and Defenders | SANS Cloud Security Summit 2019 канала SANS Institute
Ory Segal (@orysegal), CTO, PureSec
View upcoming Summits: http://www.sans.org/u/DuS
Видео Serverless Security: Attackers and Defenders | SANS Cloud Security Summit 2019 канала SANS Institute
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Virtuous Cycles: Rethinking the SOC for Long-Term Success | SANS Security Operations Summit 2019The SANS | GIAC Cybersecurity Training Experience: Get Ready for Something PhenomenalIntroduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017Top 3 data risks in Cloud SecurityThreat Hunting via Sysmon - SANS Blue Team Summit4 Most Difficult IT Security CertificationsServerless Vs Container (Lambda Vs Kubernetes)Contrast Security Demo & OverviewServerless Security Made Simple (Cloud Next '19)Can we make quantum technology work? | Leo Kouwenhoven | TEDxAmsterdamApplied Data Science and Machine Learning for Cybersecurity - SANS Tactical Detection Summit 2018ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018SANS Institute - GIAC CertificationsRust, WebAssembly, and the future of Serverless by Steve KlabnikAmp Up Your Career: Careers in Energy and Critical Infrastructure CybersecurityFail-Safe vs. Fail-Deadly (with Colin Furze)Pen testing AWS Serverless Architect | Bug Bounty Skills & Innovative Methodology | Cloud Security 🔥Sitting at the Big Table: Experiences as a First-Time Information Security OfficerWhat is "Fail Safe"?