OWASP Ukraine 2020 Online

Serverless security: attack & defense
2020-12-05, 17:00–17:45, OWASP Ukraine Online 2020

In this talk I'm going to show you various attack vectors against serverless applications built from AWS Lambda functions. You can expect the following:

* my findings on publishing malicious NPM packages to smuggle malicious code into legitimate-looking dependencies,
* examples of validation errors in serverless applications, including Denial of Wallet attacks and RCE in a fugacious, serverless environment
* insecure defaults in the Serverless Framework
* serverless attacks and security nuances in Azure and GCP
* recipes to prevent those attacks
* lots of demos
* lots of fun 🙂