Overview
Explore the security implications of serverless computing in this 30-minute OWASP AppSec EU 2018 conference talk. Delve into the challenges and risks associated with serverless environments, including Amazon Lambda, Google Cloud Functions, and Azure Functions. Learn about the first-ever Remote Code Execution (RCE) attack in a serverless environment, demonstrating information extraction, exfiltration, and payload persistence. Discover how command injection can be exploited to gather sensitive data, persist payloads in non-persistent environments, and infect co-located functions. Witness a live demonstration of these attack techniques on one or more serverless platforms. Gain insights into the architecture and advantages of serverless computing, understand the unique security challenges, and learn best practices for maintaining security in these environments. See how self-duplicating attacks can survive persistently within serverless code and observe their execution on various platforms.
Syllabus
Serverless Infections - Malware Just Found a New Home - Amit Ashbel
Taught by
OWASP Foundation