An Attacker's View of Serverless and GraphQL Apps

Explore the security vulnerabilities of serverless and GraphQL applications in this 55-minute conference talk from AppSecCali 2019. Gain insights into the attacker's perspective as Abhay Bhargav, CTO of we45, delves into the potential exploits and attack vectors targeting these emerging technologies. Learn about Function Event Injection, JWT attacks, NoSQL Injection, and privilege escalation in serverless environments. Discover the unique security challenges posed by GraphQL, including injection attacks, nested resource exhaustion, and authorization flaws. Watch live demonstrations of practical attacks against serverless and GraphQL-driven applications, and understand how these vulnerabilities can compromise sensitive information and provide deeper access to cloud components. Equip yourself with valuable knowledge to better secure distributed applications in the evolving landscape of cloud computing and API technologies.