YoVDO

Doing Security in 100 Milliseconds - The Speed of Serverless Computing

Offered By: LASCON via YouTube

Tags

LASCON Courses Cloud Computing Courses System Administration Courses Serverless Computing Courses Integration Testing Courses

Course Description

Overview

Explore the security implications of serverless computing in this 46-minute LASCON conference talk. Dive into the challenges and opportunities presented by serverless architectures, including AWS Lambda, Azure Functions, and Google Cloud Functions. Learn how traditional security approaches must adapt to this new paradigm where processes run for milliseconds before being destroyed. Discover practical security strategies focusing on four key areas: software supply chain, delivery pipeline, data flow, and attack detection. Gain insights into serverless adoption patterns and witness a live demo of building and securing a complete serverless application. Whether you're a C-level executive or a developer, acquire valuable knowledge about serverless security principles and practices applicable to your role.

Syllabus

Intro
Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. New serverless patterns are just emerging Security with serverless is easier Security with serverless is harder
MISCONCEPTIONS
IT'S MARKETING (CLOUD REBRANDED)
SERVERLESS == CLOUD
Serverless was first used to describe applications that significantly or fully depend on 3rd party applications / services ('in the cloud') to manage server-side logic and state.
SERVERLESS IS (NO MANAGEMENT OF) SERVERS
OPINIONATED FRAMEWORK FOR COMPUTE
PRIVATE CLOUD
THEN, ALONG CAME CONTAINERS
CONTAINERS ARE TEH HAWTNESS
SCALING BUILT IN
PAY FOR WHAT YOU USE IN 100MS INCREMENTS
WITH SERVERLESS SYSTEM ADMINISTRATION IS (MOSTLY) LOWER
LEAN STARTUP FRIENDLY
GREAT, WHAT'S THE CATCH?
OPS BURDEN TO RATIONALIZE SERVERLESS MODEL (SPECIFICALLY DEPLOY)
STATELESS FOR REAL NO MEMORY PERSISTENCE ACROSS FUNCTION RUNS
RELIABILITY
SERVERLESS USE CASES
RUN A WEB APPLICATION
SECURITY IS THE SAME AND DIFFERENT
WHAT USED TO BE SYSTEM CALLS IS NOW DISTRIBUTED COMPUTING OVER THE NETWORK
SERVERLESS SHIFTS ATTACK SURFACE TO THIRD PARTIES
LETS TRY A SAMPLE APPLICATION IN AWS
SURFACE AREA REDUCTION!
SURFACE AREA EXPANSION!
USE A THIRD-PARTY SERVICE FOR CONFIG CHANGES
INTEGRATION TESTING
Application layer
TIMEOUTS AND EXECUTION RESTRICTIONS
Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. • New serverless patterns are just emerging • Security with serverless is easier Security with serverless is harder


Taught by

LASCON

Related Courses

Comparing WAF and RASP - Why?
LASCON via YouTube API Security - Is it the New Application Attack Surface and How to Secure at Enterprise Scale
LASCON via YouTube Privacy Impact Assessments - How Much Privacy Is Enough?
LASCON via YouTube Your Frontier Defense - Understanding Web Application Firewalls
LASCON via YouTube Doing This One Crazy Thing Will Change Your AppSec Program Forever
LASCON via YouTube