<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1919858758278392&amp;ev=PageView&amp;noscript=1">

Session Name: First Line Defense for the OWASP Serverless Security Top 10

Serverless architecture has brought a lot of comfort and elegance to software delivery, making it quite appealing for modern application engineering. However, it’s not without its drawbacks. In fact, serverless architecture introduces a whole new set of security implications you should know about. Serverless architecture has brought a lot of comfort and elegance to software delivery, making it quite appealing for modern application engineering. However, it’s not without its drawbacks. In fact, serverless architecture introduces a whole new set of security implications that should be considered early when building your applications.
The OWASP Serverless Top 10 is an excellent reference for educating practitioners and organizations about the potential security risks and consequences when implementing serverless architecture, as well as how to mitigate these. However, as with all things engineering - if isn’t automated and built into developer workflows, most of the time it just won’t happen. In this talk, we’ll walk you through the current serverless security state of the union - known methods for securing your serverless applications, the manual methods vs. automated techniques. We’ll wrap up with practical ways for translating these known risks into an automated plan built for any language, tech stack or feature, providing practical methods to take back control and mitigate these known top 10 serverless exploits with code.

 

 

Speaker Bio:

An experienced VP of Engineering, manager, and tech lead with many years of industry experience at startups and global enterprise companies. Passionate about developing innovative products and leading engineering teams to deliver quality products. Skilled in architecting SaaS solutions, building high-performance teams, software security, design, and development.