Overview
Explore the top 10 vulnerabilities in serverless architectures in this 52-minute conference talk by Tal Melamed from Bugcrowd. Dive into the OWASP Serverless Top 10 project, examining how traditional security threats apply to serverless applications. Discover the unique attack vectors, security weaknesses, and business impacts specific to the serverless world. Learn about crucial differences in prevention techniques compared to traditional applications. Gain insights into topics such as event injection, broken authentication, XML external entity attacks, access control issues, security misconfigurations, cross-site scripting, insecure deserialization, and insufficient logging and monitoring. Understand the evolution of cloud computing, serverless providers, and the importance of adapting security practices for this emerging technology. Conclude with resources for further learning, including the DVSA eXpliter tool.
Syllabus
Intro
The Evolution of the Cloud
Is it here to stay?
Serverless Providers
Event Injection
Broken Authentication
XML External Entity
Broken Access Control
Security Misconfiguration
Cross-Site Scripting
Insecure Deserialization
Insufficient Logging & Monitoring
How can we learn more
DVSA eXpliter
Taught by
Bugcrowd