Agile + DevOps East 2018 Concurrent Session : Serverless Security: Overcome Architectural Security Challenges
Thursday, November 8, 2018 - 3:00pm to 4:00pm

Serverless Security: Overcome Architectural Security Challenges

Add to calendar

Serverless architectures take the idea of microservices to the extreme. To implement secure serverless architectures, you have to understand how to compartmentalize programs at the function level. You also need to factor in security practices: Serverless architectures are susceptible to traditional attacks such as SQL injection and command injection, along with a wide variety of privilege escalation and sensitive data disclosure attacks. Developers must consider what would happen if an attacker attempted to invoke each of their functions directly. What if one of those functions were to become nonresponsive? Designing, implementing, and maintaining serverless architectures dramatically increases the complexity of security. Join Eric Sheridan as he discusses how to implement distributed, secure identity management and entitlement enforcement across 250+ functions. Eric will present a serverless security checklist, explain why serverless architectures increase the complexity of security, and show how to spot security vulnerabilities. You'll leave with proven strategies to overcome architectural security challenges.


WhiteHat Security

As chief scientist at WhiteHat Security, Eric oversees research and development for Sentinel Source and related products. Eric leads the WhiteHat Certified Secure Developer (WCSD) program, a free training program designed to educate and certify developers on secure coding and application security best practices. Prior to joining WhiteHat, Eric cofounded Infrared Security, specializing in application security and next-generation static analysis technologies that were ultimately integrated within WhiteHat Sentinel Source. He earned a bachelor of science degree in computer science with a track in security from Towson University.