JSFoo Coimbatore 2019

On building faster, performant and secure web applications

Ramakrishnan Kandasamy

@rmkanda

Is your Serverless Application Secure?

Submitted Apr 21, 2019

Serverless is one of the most rapidly growing technologies in the cloud world. It gives developers and adopters many advantages in managing applications and code. It also provides many abstractions, including in the security space. This makes developers think that their applications are secure from all threats and vulnerabilities.

As with other areas of security, serverless has many misconceptions, such as that we do not need to worry much about security and that it will be managed by the providers. The reality is not the same.

The attack surface may be smaller compared to other types of applications, but there is still a lot to take care of in serverless security. Let's look into why security in serverless is important and how to keep our serverless applications secure.

Outline

  1. What are Serverless Applications
  2. Why Security is key in Serverless
  3. Targets in Serverless Applications
  4. Common attack samples with NodeJS applications
    a. Securing Application Code
    b. Securing Dependencies
    c. Configuration
  5. What changes with Serverless
    a. Rate limiting
    b. Secrets in code
    c. Firewalls

Requirements

N/A

Speaker bio

Ramesh Ramalingam

Senior consultant at Thoughtworks with more than 10 years of experience. Has worked in various front-end technologies and is a JavaScript enthusiast.

Ramakrishnan Kandasamy

Consultant at Thoughtworks with 7 years of experience as a Quality Analyst. He likes to talk about application security & best practices. Basically a security freak ;)

Slides

https://drive.google.com/file/d/1L-VOdxP1Q65awmrEuD4g1JUFGyG60kK-/view?usp=sharing

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript.