JSFoo Coimbatore 2019

On building faster, performant and secure web applications

Is your Serverless Application Secure?

Submitted by Ramakrishnan Kandasamy (@rmkanda) on Apr 21, 2019

Technical level: Intermediate Status: Under evaluation

Abstract

Serverless is one of the rapidly growing technology in this cloud world. This gives a lot of advantages for the developers & adapters for while managing our applications & code. This also gives a lot of abstractions including in security space. This makes the developers think that their application is secure from all the threats & vulnerabilities.

But as like other security conceptions, Serverless also has lot of misconceptions like we do not need to much worry about security & it will be managed by the providers. But the reality is not the same.

May be the attack surface is lesser when compared to the other types of applications. But still we have a lot space to take care in the serverless security. Let’s look into why security in serverless is important & how to ensure our serverless applications secure.

Outline

  1. What is Serverless Applications
  2. Why Security is key in Serverless
  3. Targets in Serverless Applications
  4. Common attack samples with NodeJS applications
    a. Securing Application Code b. Securing Dependencies c. Configuration
  5. What changes with Serverless
    a. Rate limiting b. Secrets in code c. Firewalls

Requirements

N/A

Speaker bio

Ramesh Ramalingam

Senior consultant at Thoughtworks with more than 10 years of experience. Worked in verious front end technologies & a Javascript enthusiast.

Ramakrishnan Kandasamy

Consultant at Thoughtworks with 7 years of experience as Quality Analyst. He likes to talk about application security & best practices. Basically a security freak ;)

Slides

https://drive.google.com/file/d/1L-VOdxP1Q65awmrEuD4g1JUFGyG60kK-/view?usp=sharing

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('You need to be a participant to comment.') }}

{{ formTitle }}
{{ gettext('Post a comment...') }}
{{ gettext('New comment') }}

{{ errorMsg }}