Red Team View: Gaps in the Serverless Application Attack Surface


Posted on in Presentations

This talk will discuss new and previously unknown methods of enumerating and targeting an application's serverless attack surface and leveraging these techniques to gain privileged access to component services. Real-world examples taken from dozens of penetration tests and example code will be provided.

Learning Objectives:
1: Learn new attacker techniques which target subtle serverless component flaws.
2: Understand how advanced attackers can target and leverage these security vulnerabilities.
3: Find out how to lock down these applications against these advanced tactics.

Pre-Requisites:
High-level understanding of serverless application architecture and modern javascript-based web frameworks.


Participants
Michael Cotton

Participant

SVP Research & Development, Digital Defense Inc.

Security Strategy & Architecture

risk & vulnerability assessment penetration testing key management exploit of vulnerability cloud security


Topic

Subtopic


Share With Your Community