Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Serverless Infections - Malware Just Found a New Home

OWASP Foundation via YouTube

Overview

Explore the security implications of serverless computing in this AppSecUSA 2018 conference talk. Discover how malware can infiltrate serverless environments as Erez Yalon presents the first-ever Remote Code Execution (RCE) attack in a serverless setting. Learn about the architecture and advantages of serverless computing, understand the associated security challenges, and witness a live demonstration of data infiltration, infection, and exfiltration. Gain insights into self-duplicating attacks that persist within the code and observe their execution across various serverless platforms. Delve into topics such as code injection, AWS SDK exploitation, Lambda security parameters, and Virtual Private Cloud considerations. Walk away with best practices and tips for maintaining security in serverless environments, equipping yourself to address critical questions organizations face when transitioning to this technology.

Syllabus

Intro
Evolution
Life cycle
Benefits and downsides
Common Use Cases
Serverless Security
Challenge Accepted
Code Injection
Checkmarks
payload
AWS SDK
Persistence
Onetime infection
Cross contamination
Lambda security
Lambda security parameters
Execution roll
Documentation
Virtual Private Cloud
Summary

Taught by

OWASP Foundation

Reviews

Start your review of Serverless Infections - Malware Just Found a New Home

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.