Explore serverless security challenges and new approaches in this conference talk from GOTO Copenhagen 2021. Dive into the world of cloud-native development and serverless architecture, understanding their impact on traditional security models. Learn about resource-based IAM, loss of perimeter, and specific serverless risks. Examine the OWASP serverless top 10 and witness a live demo. Discover how traditional AppSec testing methods fall short in modern CI/CD pipelines and cloud-native environments. Gain insights into innovative security solutions for serverless applications, including SCA, image scanning, infrastructure as code, IAST, SAST, and DAST. Explore real-world use cases and the concept of a unified DevSecOps platform to address the unique security challenges of serverless computing.
Serverless Security - New Risks Require New Approaches
Overview
Syllabus
Intro
Cloud native is the future of app development
Cloud native transformation has begun
More than a technology shift
Serverless architecture
What is serverless?
What about security?
Resource-based IAM
Loss of perimeter
Serverless risks
OWASP serverless top 10
Demo
Scale
Traditional AppSec testing for cloud native
Traditional testing in modern CI/CD pipelines
iRobot serverless app
SCA & image scanning
Infrastructure as code
IAST
SAST
DAST
AppSec testing, redefined for the cloud
Example use case
One DevSecOps platform
Outro
Taught by
GOTO Conferences
