Alexa, Hack My Server(less) Please

Presented at Black Hat Europe 2019, Dec. 5, 2019, 2:15 p.m. (50 minutes)

When adopting serverless technology, we eliminate the need to manage a server for our application. By doing so, we also pass some of the security threats to the cloud provider. We do not need to care about OS patching and configuration any more. It's all in the safe hands of the service providers.

However, a serverless function still executes code, and poorly written code can still lead to a cloud disaster. One particular example is injection attacks. Yes, injection attacks are nothing new. But what happens when there is no longer a perimeter, and the input arrives not through an HTTP request but through whatever event triggered the function?

In this talk, I will examine the #1 serverless risk, event (data) injection, and will demonstrate injection attacks from multiple event types, such as emails, logs, files and even voice requests through Alexa.
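To make the "no perimeter" point concrete, here is an added example (not code from the talk, from Protego Labs or from DVSA) of a Lambda-style handler that is triggered by three different event sources, S3 uploads, SES inbound mail and an Alexa intent, and in each case interpolates attacker-influenced event data into a shell command. The event builders follow the field layout of the real AWS payloads, but every bucket, key, subject and slot value is invented, and `echo` stands in for whatever tool a real function would run, so the injected payloads only print `INJECTED`. The hardened handler beside it validates the field against an allow-list and passes it as an argv element so no shell ever parses it.

```python
"""Event injection in a serverless handler, vulnerable beside hardened.

Added example; not code from the talk, Protego Labs or DVSA. The event
builders mimic the shape of real AWS S3, SES and Alexa trigger payloads,
but every bucket, key, subject and slot value here is invented.
"""
import re
import subprocess
import urllib.parse


# --- Constructed trigger events (layout follows AWS docs; values are made up) ---

def s3_event(key):
    """S3 ObjectCreated notification; S3 URL-encodes the object key."""
    return {"Records": [{"eventSource": "aws:s3",
                         "s3": {"bucket": {"name": "example-uploads"},
                                "object": {"key": urllib.parse.quote_plus(key)}}}]}


def ses_event(subject):
    """SES inbound-mail notification; the sender controls every header."""
    return {"Records": [{"eventSource": "aws:ses",
                         "ses": {"mail": {"commonHeaders": {"subject": subject}}}}]}


def alexa_event(slot_value):
    """Alexa IntentRequest; the slot value is whatever the speaker said."""
    return {"request": {"type": "IntentRequest",
                        "intent": {"name": "LookupIntent",
                                   "slots": {"name": {"value": slot_value}}}}}


def untrusted_field(event):
    """Extract the attacker-influenced string from each supported event type."""
    if "Records" in event:
        rec = event["Records"][0]
        if rec.get("eventSource") == "aws:s3":
            return urllib.parse.unquote_plus(rec["s3"]["object"]["key"])
        if rec.get("eventSource") == "aws:ses":
            return rec["ses"]["mail"]["commonHeaders"]["subject"]
    if event.get("request", {}).get("type") == "IntentRequest":
        return event["request"]["intent"]["slots"]["name"]["value"]
    raise ValueError("unsupported event shape")


def handler_vulnerable(event):
    """Interpolates event data into a shell command string (the classic mistake).

    'echo' stands in for a real tool such as an image converter, so the
    injected payloads below only print INJECTED instead of doing damage.
    """
    value = untrusted_field(event)
    cmd = f"echo processing {value}"          # data becomes part of the command
    return subprocess.run(["sh", "-c", cmd], capture_output=True, text=True).stdout


# Allow-list for the one field this function actually needs: a plain name token.
SAFE_TOKEN = re.compile(r"[A-Za-z0-9._ -]{1,128}")


def handler_hardened(event):
    """Validate the field against an allow-list, then pass it as an argv element.

    Raises ValueError on rejection. Even if the allow-list were loosened,
    argv form means no shell ever parses the data.
    """
    value = untrusted_field(event)
    if not SAFE_TOKEN.fullmatch(value):
        raise ValueError(f"rejected event data: {value!r}")
    return subprocess.run(["echo", "processing", value],
                          capture_output=True, text=True).stdout


def injected(event):
    """True when the vulnerable handler ran something other than its intended command."""
    return handler_vulnerable(event) != "processing " + untrusted_field(event) + "\n"


PAYLOADS = [
    s3_event("report.pdf; echo INJECTED"),      # command separator in a filename
    ses_event("invoice $(echo INJECTED)"),      # command substitution in a subject
    alexa_event("bob `echo INJECTED`"),         # backticks in a spoken slot value
]

if __name__ == "__main__":
    for ev in PAYLOADS:
        print("vulnerable:", repr(handler_vulnerable(ev)))
        try:
            print("hardened:  ", repr(handler_hardened(ev)))
        except ValueError as e:
            print("hardened:  ", e)
```

The three payloads show why a WAF in front of an API Gateway does not help here: none of them arrive over HTTP. The filename is chosen by whoever can upload to the bucket, the subject by whoever can send mail to the domain, and the slot value by whoever is talking to the device. The fix is the same in every case: decide what the field is allowed to contain, reject everything else, and keep data out of any interpreter's command syntax.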


Presenters:

  • Tal Melamed - Head of Security Research, Protego Labs
    <span>In the past two years, Tal Melamed has been experimenting in offensive and defensive security for serverless technology, as part of his role as Head of Research at Protego Labs. He has over 15 years of experience in security research and vulnerability assessment, previously working for organizations such as Synack, AppSec Labs, Check Point, and RSA. His credibility and experience have provided him with opportunities to speak at prestigious venues including DEF CON, DerbyCon, RSA, OWASP US/EU and many more. Tal is also the leader and creator of the OWASP Serverless Top 10 and DVSA projects and a part-time faculty member of the cybersecurity Master's program at Quinnipiac University.</span>
