Serverless Security - New Risks Require New Approaches
Offered By: GOTO Conferences via YouTube
Course Description
Overview
Explore serverless security challenges and new approaches in this conference talk from GOTO Copenhagen 2021. Dive into the world of cloud-native development and serverless architecture, understanding their impact on traditional security models. Learn about resource-based IAM, loss of perimeter, and specific serverless risks. Examine the OWASP serverless top 10 and witness a live demo. Discover how traditional AppSec testing methods fall short in modern CI/CD pipelines and cloud-native environments. Gain insights into innovative security solutions for serverless applications, including SCA, image scanning, infrastructure as code, IAST, SAST, and DAST. Explore real-world use cases and the concept of a unified DevSecOps platform to address the unique security challenges of serverless computing.
Syllabus
Intro
Cloud native is the future of app development
Cloud native transformation has begun
More than a technology shift
Serverless architecture
What is serverless?
What about security?
Resource-based IAM
Loss of perimeter
Serverless risks
OWASP serverless top 10
Demo
Scale
Traditional AppSec testing for cloud native
Traditional testing in modern CI/CD pipelines
iRobot serverless app
SCA & image scanning
Infrastructure as code
IAST
SAST
DAST
AppSec testing, redefined for the cloud
Example use case
One DevSecOps platform
Outro
Taught by
GOTO Conferences
Related Courses
Cloud Computing Applications, Part 1: Cloud Systems and InfrastructureUniversity of Illinois at Urbana-Champaign via Coursera Intro to Cloud Computing
Udacity Building Modern Python Applications on AWS
Amazon Web Services via edX Building Modern Java Applications on AWS
Amazon Web Services via edX Building Modern Nodejs Applications on AWS
Amazon Web Services via edX