Serverless Security: Overcome Architectural Security Challenges

[presentation]

Eric Sheridan

Agile + DevOps East 2018

Summary:

Serverless architectures take the idea of microservices to the extreme. To implement secure serverless architectures, you have to understand how to compartmentalize programs at the function level. You also need to factor in security practices: Serverless architectures are susceptible to traditional attacks such as SQL injection and command injection, along with a wide variety of privilege escalation and sensitive data disclosure attacks. Developers must consider what would happen if an attacker attempted to invoke each of their functions directly. What if one of those functions were to become nonresponsive? Designing, implementing, and maintaining serverless architectures dramatically increases the complexity of security. Join Eric Sheridan as he discusses how to implement distributed, secure identity management and entitlement enforcement across 250+ functions. Eric will present a serverless security checklist, explain why serverless architectures increase the complexity of security, and show how to spot security vulnerabilities. You'll leave with proven strategies to overcome architectural security challenges.

File:

Download PDF

Tags:

cloud

About the Presenter

As chief scientist at WhiteHat Security, Eric oversees research and development for Sentinel Source and related products. Eric leads the WhiteHat Certified Secure Developer (WCSD) program, a free training program designed to educate and certify developers on secure coding and application security best practices. Prior to joining WhiteHat, Eric cofounded Infrared Security, specializing in application security and next-generation static analysis technologies that were ultimately integrated within WhiteHat Sentinel Source. He earned a bachelor of science degree in computer science with a track in security from Towson University.

Upcoming Events

Apr 27	STAREAST Software Testing Conference in Orlando & Online
Jun 08	AI Con USA An Intelligence-Driven Future
Sep 21	STARWEST Software Testing Conference in Anaheim & Online

Recommended Web Seminars

Dec 05	Unlocking the Future of Testing: How AI is Revolutionizing Software Quality
On Demand	Building Confidence in Your Automation
On Demand	Leveraging Open Source Tools for DevSecOps
On Demand	Five Reasons Why Agile Isn't Working
On Demand	Building a Stellar Team

See All

Featured Resources

Introduction to Containers eGuide | TechWell

Scrum Master Essentials eGuide | TechWell

Navigating Industry Complexities with SAP Solutions and Testing Strategies | ImpactQA

The Buyer’s Guide to AI-Powered End-to-End Testing Platforms | Applitools

Test Automation eGuide | TechWell

Visit Our Other Communities

Where configuration management and development professionals go for answers on SCM, ALM, change management, DevOps, tools and more.

The home for software testing and QA professionals—practical advice on test automation, test management, test techniques, and more.