Loading…
OWASP Global AppSec US 2021
Attending this event?
Back To Schedule
Friday, November 12 • 4:00pm - 5:00pm
Automated Serverless Security Testing: Delivering secure apps continuously

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed to the cloud provider. This frees up developers to concentrate on building logic and producing value quickly. But cloud functions still execute code. If the software is written poorly, it can lead to a cloud disaster.

How can developers ensure that their code is secure enough? They can scan for common vulnerabilities and exposures (CVEs) in open-source code. They can even scan their Infrastructure-as-Code (IaC) tool to identify insecure configurations. But what about custom code? At many organizations, the application security team struggles to keep up with the speed of development in a serverless environment. Traditional testing tools not only provide very limited coverage, but also slow development cycles unacceptably. Serverless code contains a mixture of cloud configurations and application programming interfaces (API) calls. As a result, legacy solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times.

Fortunately, it does not have to be this way. Organizations can leverage robust security during serverless development, automatically—if it is done properly. In this talk, we will discuss common risks in serverless environments. We will then cover existing testing methodologies and why they do not work well for serverless. Finally, we will present a new, completely frictionless way of testing serverless applications automatically—with no scripts, no tests, and no delays.

Speakers
avatar for Tal Melamed

Tal Melamed

Contrast Security
With over 15 years’ experience in security research and engineering - Tal possesses an unprecedented understanding of the Application and Serverless Security landscape. Most recently Tal co-founded CloudEssence, a cloud-native security technology company that enables organisations... Read More →


Friday November 12, 2021 4:00pm - 5:00pm PST
On-Line
  Builder
Feedback form isn't open yet.

Attendees (5)