Serverless security: attack & defense

Paweł Rzepa 2020.09.28

Author: Paweł Rzepa

In this talk I’m going to show you various attack vectors against serverless applications built from AWS Lambda functions. You’ll see:

  • my findings on publishing malicious NPM packages to smuggle malicious code into legitimate-looking dependencies,
  • examples of validation errors in serverless applications, including Denial of Wallet attacks and RCE in a fugacious, serverless environment,
  • serverless attacks and security nuances in Azure and GCP,
  • recipes to prevent those attacks.

Paweł Rzepa, Senior IT Security Consultant