| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Function as a Service (FaaS) platforms facilitate application deployment and event-driven execution with minimal cloud infrastructure and operational overhead. Consequently, the FaaS market is forecasted to grow 33% with an estimated valuation of $7.75B USD by 2021. However, every benefit has a cost and FaaS is no exception. Despite Amazon's diligent efforts to secure their Lambda FaaS platform, its intended ability to access a variety of resources and services can be abused for unintended results. This presentation explores the attack surface of the AWS Lambda FaaS platform and how it can be surreptitiously used to circumvent security controls. Specifically, it will demonstrate how to hijack and impersonate Lambda functions, gain persistent remote access to the AWS cloud environment, and reverse engineer the Lambda runtime environment itself. Bryan McAninch is an information security professional with over twenty years experience in various disciplines including digital forensics, penetration testing, and security architecture. His current area of research has been focused on the security implications of cloud and container technologies. He holds a Bachelor of Science in Business Administration from the University of Texas at Dallas and a Master of Science in Information Assurance from the University of Dallas. Bryan is passionate about information security and giving back to the community. He is an organizer of the North Texas Cyber Security Group, member of the Dallas Hackers Association, and owner of Prevade Cybersecurity.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast