In cloud native environments in general, and serverless in particular, the cloud provider is responsible for securing the underlying infrastructure from the data centers all the way up to the container and runtime environment. This relieves much of the security burden from the application owner; however, it also poses many unique challenges when it comes to securing the application layer.
Ory Segal discusses the most critical challenges related to securing serverless applications—from development to deployment. He walks you through a live demo of a realistic serverless application that contains several common vulnerabilities and shows how they can be exploited by attackers and how to secure them.
Ory Segal is the cofounder and CTO of PureSec, a startup that enables organizations to build and maintain secure and reliable serverless applications. Ory is a a world-renowned expert in application security with 20 years of experience in the field. Previously, he was senior director of threat research at Akamai, where he led a team of top web security and big data researchers, and IBM, as the security products architect and product manager for the market-leading application security solution IBM Security AppScan. Ory authored 20 patents in the field of application security, static analysis, dynamic analysis, and threat reputation systems. He’s serving as an officer of the Web Application Security Consortium (WASC), was a member of the W3C WebAppSec working group, was an OWASP Israel board member, and is an OWASP project leader.
Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?
Join the conversation here (requires login)
©2019, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org