"Following my in-depth research on AWS security, I dug into serverless computing with some good results. In this presentation, expect:
* my findings on publishing malicious NPM packages to smuggle malicious code into legitimately looking dependencies
* examples of validation errors in serverless applications, including event injection and Denial of Wallet attacks in open source projects
* privilege escalation and taking control over the whole AWS environment using RCE in a fugacious, serverless environment
* insecure default settings of common serverless frameworks
* lots of demos
* lots of fun 🙂
I’ll also discuss how to prevent those attacks and how to detect them using native AWS monitoring services."
"I'm a senior security consultant in SecuRing. I have a wide experience in security field gained inter alia, as a fuzzer developer in Spirent, pentester in EY GSS, security auditor in Credit Agricole or threat analyst in IBM SOC. My skills are proven by gaining OSCP and eMAPT certificates. I actively support OWASP community as a one of top contributors in OWASP MSTG project and by arranging local OWASP chapter meetings in Wroclaw."
Please register here: https://securing.clickmeeting.com/open-gates-to-your-serverless-infrastructure-and-how-to-secure-them-/register/
Are you interested in Finnish innovations, like IoT, blockchain, healthtech and many more? Check out Shift in Turku - https://theshift.fi/!
It is less crowded than Slush and weather will be nicer than in November...
Use the discount code "ScandinavianBusinessHub" to get 10 % discount on your tickets!
By the way, early bird prices are valid till the end of January (Finnish time).
See you in Turku!