Overview
Explore the top 10 serverless security concerns in this comprehensive conference talk from BSides Tampa 2019. Delve into crucial topics such as event injection, broken authentication, sensitive data exposure, XML external entity vulnerabilities, broken access control, security misconfigurations, and cross-site scripting. Learn about additional entry points like MQTT, SES, and SNS, and understand the risks associated with insecure deserialization and insufficient logging and monitoring. Gain valuable insights to enhance your serverless security practices and discover resources for further learning in this 52-minute presentation by Tal Melamed.
Syllabus
Intro
The Evolution of the Cloud
Event Injection
Broken Authentication
SLS3: Sensitive Data Exposure
XML External Entity
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (more incoming entry points: MQTT, SES, SNS)
Insecure Deserialization
Insufficient Logging & Monitoring
Want to learn more?