Engineer for the future of Cloud
June 10-13, 2019
San Jose, CA

Serverless security: Attackers and defenders

Ory Segal (PureSec)
4:45pm5:25pm Thursday, June 13, 2019
Location: 230 B



Prerequisite knowledge

  • General knowledge of serverless architectures

What you'll learn

  • Understand application security challenges for serverless architectures
  • Learn about the key risks and developer mistakes for serverless applications, how to protect and defend your serverless code and about open source tools that can help
  • See how an attacker approaches serverless apps and exploits weaknesses


In cloud native environments in general, and serverless in particular, the cloud provider is responsible for securing the underlying infrastructure from the data centers all the way up to the container and runtime environment. This relieves much of the security burden from the application owner; however, it also poses many unique challenges when it comes to securing the application layer.

Ory Segal discusses the most critical challenges related to securing serverless applications—from development to deployment. He walks you through a live demo of a realistic serverless application that contains several common vulnerabilities and shows how they can be exploited by attackers and how to secure them.

Photo of Ory Segal

Ory Segal


Ory Segal is the cofounder and CTO of PureSec, a startup that enables organizations to build and maintain secure and reliable serverless applications. Ory is a a world-renowned expert in application security with 20 years of experience in the field. Previously, he was senior director of threat research at Akamai, where he led a team of top web security and big data researchers, and IBM, as the security products architect and product manager for the market-leading application security solution IBM Security AppScan. Ory authored 20 patents in the field of application security, static analysis, dynamic analysis, and threat reputation systems. He’s serving as an officer of the Web Application Security Consortium (WASC), was a member of the W3C WebAppSec working group, was an OWASP Israel board member, and is an OWASP project leader.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)