Hacking Serverless Runtimes: Profiling AWS Lambda, Azure Functions, and More

Presented at Black Hat USA 2017, July 26, 2017, 1:30 p.m. (50 minutes)

Serverless technology is becoming increasingly ubiquitous in the enterprise and startup communities. As micro-services multiply and single-purpose services grow, how do you audit and defend serverless runtimes? The advantages of serverless runtimes are clear: increased agility, ease of use, and ephemerality (i.e., not managing a fleet of "pet" servers). There is a trade-off for that convenience, though: reduced transparency. In this talk, we will deep dive into both public data and information unearthed by our research to give you the full story on serverless, how it works, and attack chains in the serverless cloud(s): Azure, AWS, and a few other sandboxes. Who will be the victor in the great sandbox showdown?


Presenters:

  • Andrew Krug - Security Engineer, Mozilla
    Andrew Krug is a Security Engineer for Mozilla Corporation working on Cloud Security and Identity and Access Management. Krug also works as a Cloud Security consultant and started the ThreatResponse project, a toolkit for Amazon Web Services first responders. Krug has been a speaker at Black Hat USA, DerbyCon, and BSides PDX.
  • Graham Jones - Software Developer, LegitScript
    Graham Jones is a software developer for LegitScript. Jones comes from a liberal arts background and works on platform to make the Internet a safer, more transparent, and more independent place than we found it.
