A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Event Injections: Sending Evil to the Cloud - Tal Melamed BSidesCT 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Event Injections: Sending Evil to the Cloud
Tal Melamed
BSidesCT 2019

Serverless applications have seen a significant rise in adoption in the past year. Along with its advantages serverless architecture presents new security challenges. Some of these security threats are equal to those we know from traditional application development and some take a new form. One particular example is the Injection attacks. Yes SQL/NoSQL OS and Code Injection attacks they all still exist. But when dealing with a monolithic application we only have one way in. What happens when we move to serverless architecture and we lose the perimeter? code is no longer executed directly but is executed through cloud events. Whether it?s a file upload an email sent a notification received or a simple log entry. In this talk I will examine the Serverless #1 risk: Event Injection and will demonstrate injection attacks form multiple event types.

Back to BSidesCT 2019 video list

Printable version of this article

15 most recent posts on Irongeek.com:


    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast