Serverless application security
09:30 - 17:30, 7th of May (Tuesday) 2019 / WORKSHOP 7
OBC, Olivia Four
Trainer: Marcin Hoppe
Workshop description:
Software developers love serverless. Function-as-a-Service platforms are cheap, convenient and allow developers to focus on users and solving their problems instead of fiddling with the infrastructure.
On the other hand, security engineers need to find their way around this brave new world and re-learn their trade without familiar tools such as firewalls and intrusion detection systems.
Join Marcin as he takes you on a journey to secure a serverless application built on AWS Lambda. You will learn how to approach this new problem, which AWS services can be helpful and where a good grasp of the basics is still necessary.
In this workshop, we’ll go hands-on and learn how to:
- Add authentication and authorization to serverless functions using OAuth 2.0.
- Securely store secrets and database credentials.
- Stop attacks using a Web Application Firewall (WAF).
- Monitor your application and detect attacks.
- Use the OWASP Serverless Top 10 and Cloud Security projects.
Experience required:
You will need basic experience with building serverless applications on AWS. If you have never built an application on AWS Lambda, going through the Getting Started tutorial is recommended.
Environment:
You will need a laptop with AWS command line tools, Node.js and a code editor. Postman or a similar tool will also be helpful for testing. You will also need an AWS account (free tier will work fine).
Language: English.
Lunch: included.