Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2HlRF8r.
Guy Podjarny breaks into a vulnerable serverless application and exploits multiple weaknesses, helping understand the mistakes that can be made, their implications, and how to avoid them. Filmed at qconlondon.com.
Guy Podjarny is a cofounder at Snyk.io, focusing on open source and cloud security. He was previously CTO at Akamai following their acquisition of his startup, Blaze.io, and worked on the first web app firewall and security code analyzer. He is a frequent conference speaker and the author of "Responsive & Fast", "High Performance Images" and the upcoming "Securing Open Source Code".
2. InfoQ.com: Watch the video with slide synchronization on InfoQ.com: https://www.infoq.com/presentations/serverless-security-2018
3. Presented at QCon London (www.qconlondon.com)
4. About Me
• Guy Podjarny, @guypod on Twitter
• CEO & Co-founder at Snyk
• History:
  • Cyber security in the Israel Defense Forces
  • First Web App Firewall (AppShield), Dynamic/Static Tester (AppScan)
  • Security: worked at Sanctum -> Watchfire -> IBM
  • Performance: founded Blaze -> CTO @ Akamai
• O'Reilly author, speaker
5. Serverless Security: The Theory (talk from ServerlessConf)
https://www.youtube.com/watch?v=CiyUD_rI8D8
https://www.infoq.com/articles/serverless-security
29. Serverless user is typically low privilege
Reducing impact substantially, but not eliminating it
30. 7. Worry about all functions
(Every available function increases your attack surface)
31. Security in Serverless
Each concern is rated on the slide as Better, Neutral or Worse compared with a server-based deployment (the rating for each item did not survive extraction):
- Vulnerabilities in your code
- Vulnerable app dependencies
- Permissions
- Securing data at rest
- Vulnerable OS dependencies
- Denial of service
- Long-lived compromised servers
- Third party services
- Attack surface
- Security monitoring
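The two points above (a low-privilege function role limits blast radius but does not remove it, and every deployed function is attack surface) are the kind of thing you want to check mechanically before each deploy. The script below is an added example, not code from the talk or from Snyk: it audits a constructed, simplified function manifest (a stand-in for a serverless.yml or SAM template, with hypothetical field names) and flags function roles that use wildcard IAM actions or resources, plus HTTP-triggered functions that nothing has called in 30 days and so are pure exposure.

```python
"""Audit a serverless manifest for over-privileged roles and forgotten,
publicly reachable functions. Added example; the manifest shape is a
constructed simplification, not any framework's real schema."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class FunctionSpec:
    name: str
    actions: List[str]       # IAM actions granted to the function's role
    resources: List[str]     # IAM resources those actions apply to
    triggers: List[str]      # event sources, e.g. "http", "s3", "schedule"
    invocations_30d: int     # constructed usage counter from monitoring


def is_wildcard(value: str) -> bool:
    """True for a bare '*' or a service-wide wildcard such as 's3:*' or
    'arn:aws:s3:::*'. An object-prefix wildcard like 'bucket/*' is scoped
    to one resource and is not treated as over-broad here."""
    return value == "*" or value.endswith(":*")


def audit_function(fn: FunctionSpec) -> List[str]:
    """Return a list of findings for one function (empty means clean)."""
    findings: List[str] = []
    wild_actions = [a for a in fn.actions if is_wildcard(a)]
    if wild_actions:
        findings.append(f"wildcard actions {wild_actions}")
    wild_resources = [r for r in fn.resources if is_wildcard(r)]
    if wild_resources:
        findings.append(f"wildcard resources {wild_resources}")
    # A reachable function that nobody uses is attack surface with no benefit.
    if "http" in fn.triggers and fn.invocations_30d == 0:
        findings.append("publicly reachable over HTTP but unused in 30 days")
    return findings


def audit(manifest: List[FunctionSpec]) -> Dict[str, List[str]]:
    """Map each function name to its findings, omitting clean functions."""
    report: Dict[str, List[str]] = {}
    for fn in manifest:
        findings = audit_function(fn)
        if findings:
            report[fn.name] = findings
    return report


# Constructed manifest: one tightly scoped function, one forgotten
# over-privileged one, one scheduled job with a bucket-prefix wildcard.
MANIFEST = [
    FunctionSpec(
        name="checkout",
        actions=["dynamodb:PutItem", "dynamodb:GetItem"],
        resources=["arn:aws:dynamodb:eu-west-1:123456789012:table/orders"],
        triggers=["http"],
        invocations_30d=4200,
    ),
    FunctionSpec(
        name="legacy-export",
        actions=["s3:*"],
        resources=["*"],
        triggers=["http"],
        invocations_30d=0,
    ),
    FunctionSpec(
        name="nightly-report",
        actions=["s3:GetObject"],
        resources=["arn:aws:s3:::reports/*"],
        triggers=["schedule"],
        invocations_30d=30,
    ),
]

if __name__ == "__main__":
    for name, findings in audit(MANIFEST).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Run as a pre-deploy gate, a non-empty report fails the pipeline; the "unused but reachable" rule is the one that turns "worry about all functions" into something a team can act on, since it surfaces the functions nobody remembers owning.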
32. Serverless is defined now. Let's build security in.
Thank you!
Guy Podjarny, Snyk, @guypod
More to come:
- Microservices Panel, Mon, 5:25pm
- Serverless AMA, Wed, 2:55pm