Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Doing Security in 100 Milliseconds - The Speed of Serverless Computing

LASCON via YouTube

Overview

Explore the security implications of serverless computing in this 46-minute LASCON conference talk. Dive into the challenges and opportunities presented by serverless architectures, including AWS Lambda, Azure Functions, and Google Cloud Functions. Learn how traditional security approaches must adapt to this new paradigm where processes run for milliseconds before being destroyed. Discover practical security strategies focusing on four key areas: software supply chain, delivery pipeline, data flow, and attack detection. Gain insights into serverless adoption patterns and witness a live demo of building and securing a complete serverless application. Whether you're a C-level executive or a developer, acquire valuable knowledge about serverless security principles and practices applicable to your role.

Syllabus

Intro
Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. New serverless patterns are just emerging Security with serverless is easier Security with serverless is harder
MISCONCEPTIONS
IT'S MARKETING (CLOUD REBRANDED)
SERVERLESS == CLOUD
Serverless was first used to describe applications that significantly or fully depend on 3rd party applications / services ('in the cloud') to manage server-side logic and state.
SERVERLESS IS (NO MANAGEMENT OF) SERVERS
OPINIONATED FRAMEWORK FOR COMPUTE
PRIVATE CLOUD
THEN, ALONG CAME CONTAINERS
CONTAINERS ARE TEH HAWTNESS
SCALING BUILT IN
PAY FOR WHAT YOU USE IN 100MS INCREMENTS
WITH SERVERLESS SYSTEM ADMINISTRATION IS (MOSTLY) LOWER
LEAN STARTUP FRIENDLY
GREAT, WHAT'S THE CATCH?
OPS BURDEN TO RATIONALIZE SERVERLESS MODEL (SPECIFICALLY DEPLOY)
STATELESS FOR REAL NO MEMORY PERSISTENCE ACROSS FUNCTION RUNS
RELIABILITY
SERVERLESS USE CASES
RUN A WEB APPLICATION
SECURITY IS THE SAME AND DIFFERENT
WHAT USED TO BE SYSTEM CALLS IS NOW DISTRIBUTED COMPUTING OVER THE NETWORK
SERVERLESS SHIFTS ATTACK SURFACE TO THIRD PARTIES
LETS TRY A SAMPLE APPLICATION IN AWS
SURFACE AREA REDUCTION!
SURFACE AREA EXPANSION!
USE A THIRD-PARTY SERVICE FOR CONFIG CHANGES
INTEGRATION TESTING
Application layer
TIMEOUTS AND EXECUTION RESTRICTIONS
Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. • New serverless patterns are just emerging • Security with serverless is easier Security with serverless is harder

Taught by

LASCON

Reviews

Start your review of Doing Security in 100 Milliseconds - The Speed of Serverless Computing

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.