Don't be SecureLess: Best practices for keeping your Lambdas secure
Ben Ellerby

Abstract

One of the benefits of Serverless architectures, and AWS Lambda specifically, is that there is #NoOps required to get your code live. You provide the code, and deployment, patching and hardware are abstracted away from you.

The issue is, there is still a server. Hot Lambda invocations (invoking the function while the cloud provider has your runtime and code provisioned) can leak information from one invocation to the next. Networks are still a thing, underlying operating systems change, and you're adding code dependencies.

Drawing on experience from several serverless projects, this talk provides a checklist of security concerns to look out for on Serverless projects. Ben covers temporary storage, the granularity of Lambdas, IAM policies, observability, API Gateway, and the OWASP Top Ten.

Serverless architectures reduce a lot of the ops and patching work needed to ensure security and availability. That said, they also introduce new attack vectors that are not as well known. The simplicity lets you get away without knowing how the underlying machine works, but security basics don't go away.
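The warm-invocation and temporary-storage concerns from the abstract, shown as an added example that is not taken from the talk: two handlers are called twice in one process to stand in for a warm execution environment, one keeping request data in module scope and a fixed scratch file, the other keeping it local. The handler names, the scratch path and the sample events are hypothetical.

```python
import os
import shutil
import tempfile

# Stand-in for Lambda's /tmp; a fixed path like this outlives a single invocation.
SCRATCH = os.path.join(tempfile.gettempdir(), "lambda_scratch_demo")
# Module scope is initialised once per execution environment, not once per request.
_request_state = {}

def leaky_handler(event, context=None):
    """Per-request data kept in a global and in a fixed scratch file."""
    _request_state.update(event)  # keys set by an earlier caller survive
    os.makedirs(SCRATCH, exist_ok=True)
    path = os.path.join(SCRATCH, "upload.txt")
    if "document" in event:
        with open(path, "w") as f:
            f.write(event["document"])
    body = ""
    if os.path.exists(path):  # may still hold the previous caller's upload
        with open(path) as f:
            body = f.read()
    return {"user": _request_state.get("user"),
            "email": _request_state.get("email"), "document": body}

def hardened_handler(event, context=None):
    """State is local to the call; scratch space is unique and removed on exit."""
    request = dict(event)
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "upload.txt")
        with open(path, "w") as f:
            f.write(request.get("document", ""))
        with open(path) as f:
            body = f.read()
    return {"user": request.get("user"),
            "email": request.get("email"), "document": body}

def second_response_on_warm_environment(handler):
    """Invoke twice in one process, as a warm environment would; return call 2."""
    _request_state.clear()
    shutil.rmtree(SCRATCH, ignore_errors=True)
    # Constructed sample events for two different callers.
    handler({"user": "tenant-a", "email": "a@example.test",
             "document": "tenant-a private notes"})
    return handler({"user": "tenant-b"})

if __name__ == "__main__":
    print("leaky:   ", second_response_on_warm_environment(leaky_handler))
    print("hardened:", second_response_on_warm_environment(hardened_handler))
```

With the leaky handler, the second caller's response carries the first caller's email and document; the hardened handler returns neither.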

Date: December 10, 2019
This talk was hosted at an aleios event. The speaker / company does not work for aleios.

Ben Ellerby

Ben is the founder of Aleios & an AWS Serverless Hero. He is the editor of Serverless Transformation: a blog, newsletter, and podcast which share tools, techniques, and use cases for all things Serverless.
