OWASP Nashville Chapter Meeting: Serverless Security for Dummies

Tal Melamed will be our guest speaker in October. As Head of Security Research at Protego Labs, for the past two years, Tal Melamed has been experimenting in offensive and defensive security for serverless technology. He specializes in AppSec with more than 15 years of experience in security research and vulnerability assessment. Tal is also the leader and creator of the OWASP Serverless Top 10 and DVSA projects, and is a frequent speaker at security conferences, including DEF CON, DerbyCon, OWASP, BSides and more. You can follow Tal on Twitter at @_nu11p0inter.

Topic: Serverless Security for Dummies

In moving to serverless technology, such as AWS Lambda or Azure Functions, we shift some security responsibilities to the infrastructure provider by eliminating the need to manage servers. Unfortunately, that doesn’t mean we’re entirely absolved of all security duties. Serverless functions still execute code and can still be vulnerable to application-level attacks. As a new type of architecture, serverless presents new security challenges. Some are equal to traditional application development, but some take a new form. Attackers are thinking differently, and developers must do so as well to gain the upper hand.

In this talk, Tal Melamed will dive into serverless risks. Discussing why they are different from traditional attacks, how to exploit them and how we should protect our application against them.