Channel: GOTO Conferences
Category: Science & Technology
Tags: itay rozenman, gotopia, serverless, videos for developers, cloud native, goto copenhagen, security, serverless architecture, lambda, goto, goto conference, computer science, devops, goto (software conference), software engineering, gotocph, devsecops, aws, gotocon, programming, lambda functions
Description: This presentation was recorded at GOTO Copenhagen 2021. gotocph.com

Itay Rozenman - Senior director of engineering at Contrast Security

ABSTRACT
Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed to the cloud provider. This frees up the developers to concentrate on building logic and producing value quickly. But cloud functions still execute code. If the software is written poorly, it can lead to a cloud disaster. What new challenges does the organisation now face?

In many organisations, the application security team struggles to keep up with the speed of development in a serverless environment. Traditional testing tools not only provide very limited coverage, but also slow development cycles unacceptably. Serverless code contains a mixture of cloud configurations and application programming interfaces. As a result, legacy solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times. Fortunately, it does not have to be this way. Organisations can leverage robust security during serverless development [...]

TIMECODES
00:00 Intro
01:06 Cloud native is the future of app development
01:37 Cloud native transformation has begun
02:09 More than a technology shift
04:09 Serverless architecture
05:03 What is serverless?
06:48 What about security?
07:42 Resource-based IAM
11:33 Loss of perimeter
12:43 Serverless risks
15:43 OWASP serverless top 10
16:08 Demo
21:09 Scale
21:48 Traditional AppSec testing for cloud native
22:55 Traditional testing in modern CI/CD pipelines
24:26 iRobot serverless app
25:17 SCA & image scanning
25:57 Infrastructure as code
26:33 IAST
26:58 SAST
27:22 DAST
27:57 AppSec testing, redefined for the cloud
29:20 Example use case
31:52 One DevSecOps platform
32:40 Outro

Download slides and read the full abstract here: gotocph.com/2021/sessions/1944/serverless-security-new-risks-require-new-approaches

RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified • amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • amzn.to/3hXiAH6
Scott Patterson • Learn AWS Serverless Computing • amzn.to/3upsNnH
Peter Sbarski • Serverless Architectures on AWS • amzn.to/3HrhVZZ
Adzic & Korac • Running Serverless • amzn.to/3ytdF7o