Red Team View: Gaps in the Serverless Application Attack Surface

Posted on in Presentations

This talk will discuss new and previously unknown methods of enumerating and targeting an application's serverless attack surface and leveraging these techniques to gain privileged access to component services. Real-world examples taken from dozens of penetration tests and example code will be provided.

Learning Objectives:
1: Learn new attacker techniques which target subtle serverless component flaws.
2: Understand how advanced attackers can target and leverage these security vulnerabilities.
3: Find out how to lock down these applications against these advanced tactics.

High-level understanding of serverless application architecture and modern javascript-based web frameworks.

Michael Cotton


SVP Research & Development, Digital Defense Inc.

Security Strategy & Architecture

risk & vulnerability assessment penetration testing key management exploit of vulnerability cloud security



Share With Your Community