Pipelines and Serverless and Automation, Oh My!

Presented at ShellCon 2021 Virtual, Oct. 9, 2021, 1 p.m. (55 minutes)

In this presentation, we'll share the basics of dev-focused tools and tech, and their security implications. You may never have to create a CI/CD pipeline or serverless function, but we'll help you understand what it is, how it's used in the real world, and how it can be compromised. So many buzzwords, so little time!

Presenters:

• Jonn Callahan
  Jonn is a Lead Scientist at Security Risk Advisors (SRA), focusing on appsec, secure development, cloud architecture, and containerization. While Python was his first love, Golang has become a recent mistress. He also runs a Kubernetes cluster at home, because yes: masochism is alive and well.
• Evan Perotti
  Evan Perotti is a Lead Scientist at Security Risk Advisors (sra.io) that specializes in offensive security operations.
• Cassandra Young / muteki   as Cassandra Young
  Cassandra is a Senior Scientist at Security Risk Advisors, focusing on Cloud Security architecture and engineering. She's a Masters student in Computer Science, with research on serverless/microservices security, cloud-based app development, and privacy & anonymity technologies. She is also one of the directors of Blue Team Village.

Links:

• https://shellcon.io/talks/2021/pipelines-and-serverless-and-automation/
• https://downloads.shellcon.io/slides/2021/pipelines-and-serverless-and-automation-shellcon2021.pdf

Similar Presentations:

• AppSec USA 2016 / Serverless Security: Doing Security in 100 milliseconds
• SAINTCON 2019 / Serverless Security 101
• Texas Cyber Summit 2019 / SS-2048 FaaS track to serverless security