Automated Serverless Security Testing: Delivering Secure Apps Continuously
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the world of automated serverless security testing in this 50-minute OWASP Foundation talk by Tal Melamed, Senior Director of Cloud Native Security Research at Contrast Security. Dive into the challenges and opportunities of securing serverless applications in cloud-native environments. Learn about common risks in serverless architectures and the limitations of traditional testing methodologies, and discover a frictionless approach to automatically testing serverless applications without scripts or delays. Gain insights into event-driven architectures, AWS Lambda environments, and the evolving application security landscape. Watch a demo showcasing lost-perimeter scenarios and security risks at scale. Understand the importance of infrastructure as code and cloud monitoring, and how to overcome AppSec limitations in serverless contexts. By the end of this talk, you will have the knowledge to deliver secure applications continuously in a serverless world.
Syllabus
Introduction
Tal's background
About Serverless
Cloud Native Transformation
What is Cloud Native
Security in Serverless
Event-driven architecture
AWS Lambda environment
Serverless security
Application security landscape
Demo
Lost Perimeter
Security Risks
Security Scale
Traditional Testing
Traditional Problems
Server Authentication
Testing
Infrastructure as Code
AppSec Limitations
SAS Limitations
SAS Last Resort
Cloud Monitoring
Cloud Monitoring Example
Top 10 Project
Taught by
OWASP Foundation
Related Courses
Building on Microsoft Sentinel Platform (Microsoft via YouTube)
Securing Applications and Infrastructure on Kubernetes with Sysdig (Mirantis via YouTube)
Container Escape in 2021 (Hack In The Box Security Conference via YouTube)
Running at Light Speed - Cloud Native Security Patterns (LASCON via YouTube)
Controlled Mayhem With Cloud Native Security Pipelines (OWASP Foundation via YouTube)