Serverless Security - New Risks Require New Approaches
Offered By: GOTO Conferences via YouTube
Course Description
Overview
Explore serverless security challenges and new approaches in this conference talk from GOTO Copenhagen 2021. Dive into the world of cloud-native development and serverless architecture, understanding their impact on traditional security models. Learn about resource-based IAM, loss of perimeter, and specific serverless risks. Examine the OWASP serverless top 10 and witness a live demo. Discover how traditional AppSec testing methods fall short in modern CI/CD pipelines and cloud-native environments. Gain insights into innovative security solutions for serverless applications, including SCA, image scanning, infrastructure as code, IAST, SAST, and DAST. Explore real-world use cases and the concept of a unified DevSecOps platform to address the unique security challenges of serverless computing.
Syllabus
Intro
Cloud native is the future of app development
Cloud native transformation has begun
More than a technology shift
Serverless architecture
What is serverless?
What about security?
Resource-based IAM
Loss of perimeter
Serverless risks
OWASP serverless top 10
Demo
Scale
Traditional AppSec testing for cloud native
Traditional testing in modern CI/CD pipelines
iRobot serverless app
SCA & image scanning
Infrastructure as code
IAST
SAST
DAST
AppSec testing, redefined for the cloud
Example use case
One DevSecOps platform
Outro
Taught by
GOTO Conferences
Related Courses
Addressing Algorithmic BiasGOTO Conferences via YouTube Empowering Consumers - Evolution of Software in the Future
GOTO Conferences via YouTube Why Static Typing Came Back
GOTO Conferences via YouTube Higher Kinded Types in a Lower Kinded Language - Functional Programming in Kotlin
GOTO Conferences via YouTube It's Not Hard to Test Smart - Delivering Customer Value Faster
GOTO Conferences via YouTube