JSFoo Coimbatore 2019

JSFoo Coimbatore 2019

On building faster, performant and secure web applications

Ramakrishnan Kandasamy

@rmkanda

Is your Serverless Application Secure?

Submitted Apr 21, 2019

Serverless is one of the rapidly growing technology in this cloud world. This gives a lot of advantages for the developers & adapters for while managing our applications & code. This also gives a lot of abstractions including in security space. This makes the developers think that their application is secure from all the threats & vulnerabilities.

But as like other security conceptions, Serverless also has lot of misconceptions like we do not need to much worry about security & it will be managed by the providers. But the reality is not the same.

May be the attack surface is lesser when compared to the other types of applications. But still we have a lot space to take care in the serverless security. Let’s look into why security in serverless is important & how to ensure our serverless applications secure.

Outline

  1. What is Serverless Applications
  2. Why Security is key in Serverless
  3. Targets in Serverless Applications
  4. Common attack samples with NodeJS applications
    a. Securing Application Code
    b. Securing Dependencies
    c. Configuration
  5. What changes with Serverless
    a. Rate limiting
    b. Secrets in code
    c. Firewalls

Requirements

N/A

Speaker bio

Ramesh Ramalingam

Senior consultant at Thoughtworks with more than 10 years of experience. Worked in verious front end technologies & a Javascript enthusiast.

Ramakrishnan Kandasamy

Consultant at Thoughtworks with 7 years of experience as Quality Analyst. He likes to talk about application security & best practices. Basically a security freak ;)

Slides

https://drive.google.com/file/d/1L-VOdxP1Q65awmrEuD4g1JUFGyG60kK-/view?usp=sharing

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}