Discover the top 10 security issues in serverless architecture and their protection patterns in this 39-minute video presentation. Explore OWASP-based research focusing on AWS serverless security for 2023. Gain insights into critical topics such as denial of wallet attacks, event injection in Lambda functions, misconfiguration and drift detection, weak access controls, and cloud misconfiguration issues. Delve into serverless application patterns for production, image recognition, and CI/CD environments. Learn about Node.js Event Loop for timing attacks, Lambda antipatterns and protection strategies, backdooring and exploiting AWS ECR, Lambda code/S3/DynamoDB dumping, offensive infrastructure as code, and Cloud Formation resource injection. Understand cloud drift detection and its importance in maintaining a secure serverless environment.
Serverless TOP 10 Security Issues and Protection Patterns for AWS - 2023
Hackitect's playground via YouTube
Overview
Syllabus
Intro
Azure is the sky or not?
Welcome to AWSome security space
Superglue
What is serverless? @
Serverless application patterns - production
Serverless application patterns - image recogntion
Serverless application patterns - CI/CD
User recommendations
Serverless TOP 10 - Hackitected
Event injection in detail
Denial of Wallet attacks
Node.js Event Loop for Timing Attack
Preventing DoW attacks
Lambda antipatters and protection
Backdooring and exploiting AWS ECR
Lambda code / S3 / DynamoDB dumping
Offensive infrastructure as code
Cloud formation resource injection
Cloud drift detection
Taught by
Hackitect's playground
Related Courses
-
Building Modern Python Applications on AWS
-
Building Modern Java Applications on AWS
-
Modern Application Development with Java on AWS
-
Automated Serverless Security Testing: Delivering Secure Apps Continuously
-
Serverless Security: Functions-as-a-Service (FaaS) - Challenges and Best Practices
-
Real World Serverless - Architecture, Patterns and Lessons Learned
