Serverless security: attack & defense
Author: Paweł Rzepa
In this talk I’m going to show you various attack vectors against serverless applications built from AWS Lambda functions. You’ll see:
- my findings on publishing malicious NPM packages to smuggle malicious code into legitimate-looking dependencies,
- examples of validation errors in serverless applications, including Denial of Wallet attacks and RCE in a fugacious, serverless environment,
- serverless attacks and security nuances in Azure and GCP,
- recipes to prevent those attacks.
Paweł Rzepa
Senior IT Security Consultant