Full Steam Ahead: Serverless Hacking 101 - Tal Melamed Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Full Steam Ahead: Serverless Hacking 101
Tal Melamed
Derbycon 2019

Serverless architecture presents new security challenges. Some are equal to those we know from traditional application development, but some take a new form. Both developers and attackers must start thinking differently to gain the upper hand. Damn Vulnerable Serverless Application (DVSA) is a deliberately vulnerable, open-source tool, aiming to be an aid for security professionals to test their skills and tools in a legal environment. In this talk, I will cover common attack vectors which have changed from what we were used to. After this talk, you should be able to deploy your own vulnerable app and have basic skills to gain your serverless pen-testing advantage.

In the past year, Tal Melamed has been experimenting with offensive and defensive security for serverless technology, as part of his role as Head of Security Research at Protego Labs. Specializing in AppSec, he has more than 15 years of experience in security research and vulnerability assessment, previously working for leading security organizations such as Synack, AppSec Labs, CheckPoint, and RSA. Tal is also the leader and creator of the OWASP Serverless Top 10 and DVSA projects.

@dvsaowasp, @_nu11p0inter

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast