Partner event: Serverless December

Real World Serverless - London
Real World Serverless - London
Public group

Cloudflare

Belvedere Rd · London

How to find us

6th floor

Location image of event venue

Details

This event is in partnership with Serverless London meetup. Check them out: https://www.meetup.com/Serverless-London

Serverless December is here! Cloudflare is hosting us at their offices in County Hall.

We have talks from Sven Sauleau, Ben Ellerby and a reInvent Serverless reCap.

Agenda:
18:30 - Doors Open - Drinks and networking
19:00 - Introductions
19:10 - Sven Sauleau - Lessons learned from building Cloudflare's HTMLRewriter

19:40 - Ben Ellerby - Don't be SecureLess: Best practices for keeping your Lambdas secure.

20:10 - Break

20:30 - reInvent reCap - Talk focusing on reInvent and the serverless announcements

21:00 - End

Talks:

Sven Sauleau - Lessons learned from building Cloudflare's HTMLRewriter

Sven is currently working on Cloudflare's HTMLRewriter and he'd like to share some of his key learnings and challenges he's come across in engineering this feature.

Sven Sauleau is a French software engineer working on the Cloudflare Workers. He is a contributor to Babel, webpack, WebAssembly, Rust and JavaScript itself.

Ben Ellerby - Don't be SecureLess: Best practices for keeping your Lambdas secure.

One of the benefits of Serverless architectures, and AWS Lambda specifically, is that there is #NoOps required to get your code live. You provide the code and deployment, patching and hardware are abstracted away from you.

The issue is, there is still a server. Hot lambda invocations (invoking the function while the cloud provider has your runtime and code provisioned) can allow information leaking across lambda invocations, networks are still a thing, underlying operating systems change and you’re adding code dependencies.

From experience on several serverless projects, this talk will provide a checklist of security concerns to look out for on Serverless projects. We will cover temporary storage, the granularity of Lambas, IAM policies, observability, API Gateway, and the OWASP Top Ten.

Serverless architectures reduce a lot of the ops and patching work needed to ensure security and availability. That said, they also introduce new attack vectors that are not as well known, simplicity lets you get away without knowing how the underlying machine is working and security basics don’t go away.

Ben is VP of Engineering at Theodo UK, editor of the Serverless Transformation blog (https://medium.com/serverless-transformation) and joining the Serverless User Group organising team.

This event is in partnership with Serverless London meetup. Check them out: https://www.meetup.com/Serverless-London