Serverless applications have seen a significant rise in adoption in the past year. Along with its advantages serverless architecture presents new security challenges. Some of these security threats are equal to those we know from traditional application development and some take a new form. One particular example is the Injection attacks. Yes SQL/NoSQL OS and Code Injection attacks they all still exist. But when dealing with a monolithic application we only have one way in. What happens when we move to serverless architecture and we lose the perimeter? code is no longer executed directly but is executed through cloud events. Whether it?s a file upload an email sent a notification received or a simple log entry. In this talk I will examine the Serverless #1 risk: Event Injection and will demonstrate injection attacks form multiple event types.

Back to BSidesCT 2019 video list