Explore the challenges and solutions for defending serverless infrastructure in the cloud in this 52-minute technical session from the RSA Conference. Learn about real-world attacks on cloud workloads and discover effective security controls to protect your serverless environment. Gain insights into inventorying, scanning, and monitoring thousands of short-lived functions. Examine topics such as establishing function reverse shells, serverless execution environments, secrets management, credential pivoting, malware persistence, network integration options, and access control rules. Understand the importance of audit logging, flow logs, and private endpoints in securing serverless infrastructure. Requires a general understanding of cloud, serverless, and DevOps concepts, as well as familiarity with OWASP Serverless Top 10 and various cloud security services.
Defending Serverless Infrastructure in the Cloud
Overview
Syllabus
Intro
Cloud Serverless Infrastructure
Puma Security: Serverless Prey
Establishing The Function Reverse Shell
Serverless Execution Environment
Default Function Execution Networking
Serverless Secrets Management Options
Serverless Secrets: Where is the Source Code?
GCP Function: Source Code Example
GCP Function: Configuration File Example
Azure Function: Environment Variable Example
Serverless Execution Role
Serverless Account Credential Storage
Azure Managed Service Identity Token
Function Credential Pivoting
Serverless Function Credential Lifetime
Function Malware Persistence Example
Serverless Function Persistence Lifetime
Function Credential Audit Logging
Function Network Integration Options
Function Network Integration Benefits
Function Network Integration Example
Function Network Access Control Rules
Function Network Flow Logs
Function Private Endpoints
Taught by
RSA Conference
