Serverless Security: Attackers and Defenders | SANS Cloud Security Summit 2019

Channel:
United States SANS Institute
Subscribers:
64,000
Published on ● Video Link: https://www.youtube.com/watch?v=PowTSk6iOGY


Duration: 37:06
1,381 views
34

In serverless applications, the cloud provider is responsible for securing the underlying infrastructure, from the data centers all the way up to the container and run-time environment. This relieves much of the security burden from the application owner, but it also poses many unique challenges when it comes to securing the application layer. In this presentation, we will discuss the most critical challenges related to securing serverless applications, from development to deployment. We will also walk through a live demo of a realistic serverless application that contains several common vulnerabilities, and see how they can be exploited by attackers and how to secure them. We will also use examples from a recent story published in Dark-Reading magazine on how we hacked a real-world serverless application and won the $1,000 bounty!

Ory Segal (@orysegal), CTO, PureSec

View upcoming Summits: http://www.sans.org/u/DuS



Other Videos By SANS Institute


2020-03-18Securely Working Remotely
2020-03-18Creating a Cyber Secure Home
2020-03-18Detecting and Defending Social Engineering Attacks
2020-03-18Deployment Kit for Securing Your Workforce at Home
2020-03-18Understanding SANS CyberCast - So Much More Than Live Virtual Training
2020-03-17OUTFIGHT: Leveraging Automation & Machine Learning
2020-03-17OUTMANEUVER: Changing the Attack Surface
2020-03-17OUTPERFORM: Strategies to Get in Front of Attacks
2020-03-17Moving Past Just Googling It: Harvesting and Using OSINT | SANS@MIC Talk
2020-03-16Weaponizing the Deep Web | SANS OSINT Summit 2020
2020-03-09Serverless Security: Attackers and Defenders | SANS Cloud Security Summit 2019
2020-03-03This Will Never Work: Tales from Disappointingly Successful Pen Tests | SANS SOC Summit 2019
2020-02-25Rapid Recognition and Response to Rogues | SANS Security Operations Summit 2019
2020-02-18Learning from Breach Reports to Improve Cross-platform Endpoint Monitoring | SANS SOC Summit 2019
2020-02-13Cyber Threats to Electric Industry - What You Need to Know | STAR Webcast
2020-02-10Cloud Security Automation: From Infrastructure to App | SANS Cloud Security Summit 2019
2020-02-03Virtuous Cycles: Rethinking the SOC for Long-Term Success | SANS Security Operations Summit 2019
2020-01-31Build Effective Cybersecurity Team Skills | SANS Team-Based Training
2020-01-30The State of Cloud Security: How Does Your Organization Compare? | SANS Cloud Security Summit 2019
2020-01-27A SOC Technology/Tools Taxonomy – And Some Uses for It | SANS Security Operations Summit 2019
2020-01-24Who Done It? Gaining Visibility and Accountability in the Cloud | SANS Cloud Security Summit


Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training
cloud
cloud security
cloud security summit
Ory Segal