Play all

Intro

Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. New serverless patterns are just…

MISCONCEPTIONS

IT'S MARKETING (CLOUD REBRANDED)

SERVERLESS == CLOUD

Serverless was first used to describe applications that significantly or fully depend on 3rd party applications / services ('in the cloud') to manage server-side logic and state.

SERVERLESS IS (NO MANAGEMENT OF) SERVERS

OPINIONATED FRAMEWORK FOR COMPUTE

PRIVATE CLOUD

THEN, ALONG CAME CONTAINERS

CONTAINERS ARE TEH HAWTNESS

SCALING BUILT IN

PAY FOR WHAT YOU USE IN 100MS INCREMENTS

WITH SERVERLESS SYSTEM ADMINISTRATION IS (MOSTLY) LOWER

LEAN STARTUP FRIENDLY

GREAT, WHAT'S THE CATCH?

OPS BURDEN TO RATIONALIZE SERVERLESS MODEL (SPECIFICALLY DEPLOY)

STATELESS FOR REAL NO MEMORY PERSISTENCE ACROSS FUNCTION RUNS

RELIABILITY

SERVERLESS USE CASES

RUN A WEB APPLICATION

SECURITY IS THE SAME AND DIFFERENT

WHAT USED TO BE SYSTEM CALLS IS NOW DISTRIBUTED COMPUTING OVER THE NETWORK

SERVERLESS SHIFTS ATTACK SURFACE TO THIRD PARTIES

LETS TRY A SAMPLE APPLICATION IN AWS

SURFACE AREA REDUCTION!

SURFACE AREA EXPANSION!

USE A THIRD-PARTY SERVICE FOR CONFIG CHANGES

INTEGRATION TESTING

Application layer

TIMEOUTS AND EXECUTION RESTRICTIONS

Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. • New serverless patterns are ju…

Description:

Explore the security implications of serverless computing in this 46-minute LASCON conference talk. Dive into the challenges and opportunities presented by serverless architectures, including AWS Lambda, Azure Functions, and Google Cloud Functions. Learn how traditional security approaches must adapt to this new paradigm where processes run for milliseconds before being destroyed. Discover practical security strategies focusing on four key areas: software supply chain, delivery pipeline, data flow, and attack detection. Gain insights into serverless adoption patterns and witness a live demo of building and securing a complete serverless application. Whether you're a C-level executive or a developer, acquire valuable knowledge about serverless security principles and practices applicable to your role.

Doing Security in 100 Milliseconds - The Speed of Serverless Computing

LASCON

Add to list

#Conference Talks #LASCON #Programming #Cloud Computing #Computer Science #System Administration #Serverless Computing #Software Development #Software Testing #Integration Testing

0:00 / 0:00