OWASP Serverless Top 10 - Security Risks and Protections

Explore the OWASP Serverless Top 10 project in this conference talk from OWASP Global AppSec Tel Aviv. Dive into the unique security challenges presented by serverless architectures and learn how they differ from traditional application development. Discover why serverless functions, despite shifting some security responsibilities to infrastructure providers, still require vigilant protection against application-level attacks. Examine each of the top 10 risks identified in the project, understanding their implications and how to effectively safeguard applications against them. Get introduced to OWASP DVSA, a deliberately vulnerable tool designed to enhance understanding of serverless security for both security professionals and developers. Gain insights from Tal Melamed, Head of Security Research at Protego Labs, as he shares his expertise in offensive and defensive security for serverless technology, drawing from over 15 years of experience in security research and vulnerability assessment.

Introduction
Security
Service
Report
Code Injection
Permissions
Demo
Child process
Broken authentication
API Gateway
AWS
Risk
Excel
Command Injection
Crosssite scripting
Dependencies
Logging Monitoring
Architecture of Several