Security in the FaaS Lane presented at DevOpsDaysAustin 2019

by Karthik Wickett,

Summary : Security in FaaS isn't what we are used to, but this talk shows you how what we learned in appsec still applies. Using LambHack, which is a vulnerable serverless application written in Go on AWS Lambda using Sparta, we will evaluate how to do security in serverless.In this talk, we will talk about security strategies and pitfalls in the serverless world. You'll leave with an understanding of how to approach security conversations about serverelTalk goals:- How to approach the security concerns in a serverless world.- Talk about the 'WIP' methodology for serverless security.- Understand current serverless attacks for things to defend against.- Learn what different cloud providers (AWS/GKE/Azure/Oracle Cloud) do to protect you in a serverless world.