Learn how to secure your serverless apps in the AWS Cloud, plus how to get Amazon Canada to help you with your Startup projects – both financially & resources wise!
PRESENTATIONS:
1. "Serverless Security in AWS Cloud" by Andrew Brown (https://www.linkedin.com/in/andrew-wc-brown/), CEO of ExamPro
Andrew adapted his recent AWS Security talk (http://bit.ly/fast-track-to-security-with-aws) to focus on securing Serverless apps and services. Plus, he "spiced it up" with some OWASP (Open Web Application Security Project) Serverless Top 10 information. (recording at https://youtu.be/eqx5HQ9hYiE)
2. "Serverless, Startups & AWS - The beginning of a beautiful friendship" by Mike Apted (https://twitter.com/mikeapted), Startup Solutions Architect at AWS Canada
In this talk, Mike discussed the alignment of goals between Serverless technology and Startups. He talked about the platform features and AWS programs that are available to enable startups in accelerating their product market fit, fueling their growth and making connections. (recording at https://www.youtube.com/watch?v=eqx5HQ9hYiE&t=1648)
P.S. Special thanks to Myplanet (https://www.myplanet.com/) for providing the space, and PureSec - Serverless Security Platform (https://www.puresec.io/) for providing pizza and refreshments!
P.P.S. If you'd like to speak at any of the upcoming Serverless Toronto User Group events, join our Slack community (via http://slack.ServerlessToronto.org) and add your topic to the #want-to-present channel.
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Startups
Thursday, Apr 18, 2019
ServerlessToronto.org Meetup Agenda
1. Intro & Activity Update
2. Community Open Mic
3. Andrew Brown, ExamPro: "Serverless Security in AWS Cloud"
4. Mike Apted, AWS Canada: "Serverless, Startups & AWS - The beginning of a beautiful friendship"
5. Networking
Andrew Brown
April 18 2019
andrew@exampro.co
CEO of ExamPro
12 Year Full Stack Developer
4/10 AWS Certifications
Loves Star Trek DS9
The Fast Track to Serverless Security on AWS
Full-Stack Powerleveling
Powerleveling The Fast Track to Security on AWS exampro.co
This Tech Talk Is Designed To Help You Study For The Security Specialty AWS Certification
Topics and the AWS services covered:
Keeping our secrets a secret - Param Store, Secrets Manager
Mitigating DDoS Attacks - CloudFront, AWS Shield
Encrypting data at rest - KMS (Key Management Service)
Encrypting data in transit - ACM (AWS Certificate Manager)
Least permissive IAM policies - IAM (Identity and Access Management)
Securing AWS Lambda Functions - Lambda
Protect against common exploits and attacks - WAF (Web Application Firewall)
Automated Security with ML services - Macie, GuardDuty
Serverless Security Resources
1. Injection
2. Broken Authentication and Session Management
3. Sensitive Data Exposure
4. XML External Entity
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting
8. Insecure Deserialization
9. Using Components With Known Vulnerabilities
10. Insufficient Logging and Monitoring
KMS - Key Management Service
Checkbox secure and start encrypting
Multi-tenant HSM (hardware security module) to create and control encryption keys
$1 per key
KMS integrates with many AWS services
Securing AWS Lambda Functions
Lambda lets you run code without provisioning or managing servers
Scan vulnerabilities in your 3rd party dependencies
Prevent event-data injection
Least permissive IAM policies
Keeping our secrets a secret
Lambda Protection from AWS Lambda Partners
Lambda Compliance
Securing AWS Lambda Functions: Scan vulnerabilities in your 3rd party dependencies
Snyk - a developer-first solution that automates finding & fixing vulnerabilities in your dependencies
Securing AWS Lambda Functions: Prevent Event-Data Injection
Untrusted event data such as a file name can carry a payload like "DELETE * FROM USERS"
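An added example, not code from the talk or from ExamPro, of the event-data injection point above: a Lambda-style handler that treats the S3 object key in a constructed ObjectCreated event as untrusted, decodes and allowlists it, and binds it as a query parameter instead of splicing it into SQL. The `handler` name, the sqlite3 `uploads` table and the sample event are assumptions for the demo.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Constructed sample S3 ObjectCreated event, shaped like the record Lambda receives.
SAMPLE_EVENT = {
    "Records": [
        {"eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": "uploads-bucket"},
                "object": {"key": "reports/2019-04-18.csv", "size": 1024}}}
    ]
}

# Allowlist for object keys: alphanumerics, "_", ".", "/", "-", at most 256 chars.
SAFE_KEY = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_./-]{0,255}$")


def validate_key(raw_key: str) -> str:
    """Decode the URL-encoded key from the event and reject anything outside the allowlist."""
    key = unquote_plus(raw_key)
    if not SAFE_KEY.fullmatch(key) or ".." in key:
        raise ValueError(f"rejected object key: {key!r}")
    return key


def record_upload(conn: sqlite3.Connection, bucket: str, key: str, size: int) -> None:
    # Parameterised statement: the key is bound as data, never spliced into SQL text.
    conn.execute(
        "INSERT INTO uploads (bucket, object_key, size) VALUES (?, ?, ?)",
        (bucket, key, size),
    )


def handler(event: dict, context=None, conn=None) -> dict:
    """Lambda-style entry point (assumed name); returns counts and stored keys for checking."""
    conn = conn or sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE IF NOT EXISTS uploads (bucket TEXT, object_key TEXT, size INTEGER)")
    accepted, rejected = 0, 0
    for rec in event.get("Records", []):
        s3 = rec["s3"]
        try:
            key = validate_key(s3["object"]["key"])
        except ValueError:
            rejected += 1  # drop hostile input before it reaches the database
            continue
        record_upload(conn, s3["bucket"]["name"], key, int(s3["object"].get("size", 0)))
        accepted += 1
    conn.commit()
    stored = [row[0] for row in conn.execute("SELECT object_key FROM uploads ORDER BY rowid")]
    return {"accepted": accepted, "rejected": rejected, "stored": stored}
```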
Securing AWS Lambda Functions: Least Permissive IAM Policies
Securing AWS Lambda Functions: Keeping Our Secrets a Secret
SSM Param Store - stores sensitive data such as passwords
● Free!
● Versioned
● Rotate Keys with CloudWatch + Lambda
Secrets Manager - $$$ ($0.40 per secret)
● RDS Integration
● Multiple Key / Values in one Secret
● *Automated Key Rotation (via Lambda)
● Restore accidentally deleted secrets
AWS Lambda Compliance
Compliant with:
● SOC 1
● SOC 2
● SOC 3
● PCI DSS
● HIPAA
Use AWS Artifact to gain access to these reports on how AWS is compliant
Macie and GuardDuty
Both use machine learning to analyze logs
Macie - CloudTrail Logs for S3
GuardDuty - DNS and Flow Logs
WAF - Web Application Firewall
Put a firewall in front of your ALB or CloudFront
Two ways to protect Lambdas with WAF:
1. WAF -> CloudFront (CDN) -> API Gateway -> Lambda (API Gateway is throttled by default at 10K requests per second)
2. WAF -> ALB -> Lambda
WITHOUT SERVERLESS DOOR'S GROWTH WOULDN'T BE SUSTAINABLE DUE TO INFRASTRUCTURE COSTS.
RESULTS
Net monthly cost: $280
Time to build core platform: 3 months
Transactions per month: 24 million