Doing Security in 100 Milliseconds - The Speed of Serverless Computing
Offered By: LASCON via YouTube
Course Description
Overview
Syllabus
Intro
Serverless encourages functions as deploy units, coupled with third-party services that allow running end-to-end applications without worrying about system operation.
• New serverless patterns are just emerging
• Security with serverless is easier
• Security with serverless is harder
MISCONCEPTIONS
IT'S MARKETING (CLOUD REBRANDED)
SERVERLESS == CLOUD
Serverless was first used to describe applications that significantly or fully depend on 3rd party applications / services ('in the cloud') to manage server-side logic and state.
SERVERLESS IS (NO MANAGEMENT OF) SERVERS
OPINIONATED FRAMEWORK FOR COMPUTE
PRIVATE CLOUD
THEN, ALONG CAME CONTAINERS
CONTAINERS ARE TEH HAWTNESS
SCALING BUILT IN
PAY FOR WHAT YOU USE IN 100MS INCREMENTS
WITH SERVERLESS, SYSTEM ADMINISTRATION IS (MOSTLY) LOWER
LEAN STARTUP FRIENDLY
GREAT, WHAT'S THE CATCH?
OPS BURDEN TO RATIONALIZE SERVERLESS MODEL (SPECIFICALLY DEPLOY)
STATELESS FOR REAL: NO MEMORY PERSISTENCE ACROSS FUNCTION RUNS
RELIABILITY
SERVERLESS USE CASES
RUN A WEB APPLICATION
SECURITY IS THE SAME AND DIFFERENT
WHAT USED TO BE SYSTEM CALLS IS NOW DISTRIBUTED COMPUTING OVER THE NETWORK
SERVERLESS SHIFTS ATTACK SURFACE TO THIRD PARTIES
LET'S TRY A SAMPLE APPLICATION IN AWS
SURFACE AREA REDUCTION!
SURFACE AREA EXPANSION!
USE A THIRD-PARTY SERVICE FOR CONFIG CHANGES
INTEGRATION TESTING
Application layer
TIMEOUTS AND EXECUTION RESTRICTIONS
Taught by
LASCON