OWASP Ukraine 2020 Online

Pawel Rzepa

Pawel is a senior security consultant at SecuRing. On a daily basis he is responsible for performing penetration tests and cloud security assessments. He has wide experience in the security field, gained, inter alia, as a fuzzer developer at Spirent, pentester at EY GSS, security auditor at Credit Agricole, and threat analyst at IBM SOC. His skills are proven by his OSCP, eMAPT, AWS SAA and AWS CSS certificates. Pawel actively supports the OWASP community by arranging local OWASP chapter meetings in Wroclaw.


Talks

Serverless security: attack & defense

In this talk I'm going to show you various attack vectors against serverless applications built from AWS Lambda functions. You can expect the following:

* my findings on publishing malicious NPM packages to smuggle malicious code into legitimate-looking dependencies,
* examples of validation errors in serverless applications, including Denial of Wallet attacks and RCE in a fugacious, serverless environment
* insecure defaults in the Serverless Framework
* serverless attacks and security nuances in Azure and GCP
* recipes to prevent those attacks
* lots of demos
* lots of fun 🙂