Serverless Top 10 Vulnerabilities by Tal Melamed

Explore the top 10 vulnerabilities in serverless architectures in this 52-minute conference talk by Tal Melamed from Bugcrowd. Dive into the OWASP Serverless Top 10 project, examining how traditional security threats apply to serverless applications. Discover the unique attack vectors, security weaknesses, and business impacts specific to the serverless world. Learn about crucial differences in prevention techniques compared to traditional applications. Gain insights into topics such as event injection, broken authentication, XML external entity attacks, access control issues, security misconfigurations, cross-site scripting, insecure deserialization, and insufficient logging and monitoring. Understand the evolution of cloud computing, serverless providers, and the importance of adapting security practices for this emerging technology. Conclude with resources for further learning, including the DVSA eXpliter tool.