Overview
Explore serverless attack vectors in this 48-minute RSA Conference talk by Teri Radichel, CEO of 2nd Sight Lab. Gain insights into the security landscape of serverless architectures and learn about potential attack methods in this emerging environment. Discover how to attack and defend serverless infrastructure and applications, covering topics such as misconfigurations, software vulnerabilities, injection attacks, cross-site scripting, and subdomain takeovers. Examine service architectures, cloud provider trust, OWASP Top 10 security issues, encryption, networking, API gateways, and deployment systems. Witness a demo on querying and understand the importance of threat modeling in serverless computing. Suitable for those with a general understanding of breaches and basic awareness of simple code concepts.
Syllabus
Introduction
Mistakes Happen
What is Serverless
Service Architectures
Under the Hood
Trust the Cloud Provider
What to worry about
Misconfigurations
Software
OWASP Top 10
Injection Attack
Error Message
Cross Site Scripting
Swagger
Swagger UI
OWASP Top 10
Cloud
Persistence
Serverless
Lambda Functions
Encryption
Networking
Serverless frameworks
API gateways
CDN
Lambda at Edge
Amazon Cognito
Databases
Subdomain Takeover
Deployment Systems
Service Monitoring
Threat Modeling
Demo
Querying
Taught by
RSA Conference