SlideShare a Scribd company logo

Security in serverless world (get.net)

Yan Cui
Yan Cui

This document discusses security considerations for serverless applications. It notes that while serverless applications avoid some security risks related to servers, they also introduce new risks related to application dependencies and access controls. It recommends practices like least privilege access, input/output sanitization, encryption of data at rest and in transit, monitoring for unusual activity, and deleting unused functions. The document emphasizes that people are often the weakest link and proper credentials management is important. It also discusses challenges like denial of service attacks and accidental exposure of functions or data.

Technology
1 of 179
Download to read offline
Security in the Serverless World
Yan Cui http://theburningmonk.com @theburningmonk Principal Engineer @
available in Austria, Switzerland, Germany, Japan, Canada, Italy and US
available on 30+ platforms
~1,000,000 concurrent viewers
We’re hiring! Visit engineering.dazn.com to learn more. follow @dazneng for updates about the engineering team
follow @dazneng for updates about the engineering team We’re hiring! Visit engineering.dazn.com to learn more. WE’RE HIRING!
AWS user since 2009
http://bit.ly/yubl-serverless
Shared Responsibility Model
Shared Responsibility Model
protection from OS attacks Amazon automatically apply latest patches to host VMs
still have to patch your code vulnerable code, 3rd party dependencies, etc.
https://snyk.io/blog/owasp-top-10-breaches
https://snyk.io/blog/owasp-top-10-breaches Known Vulnerable Components cause 24% of the top 50 data breaches
https://snyk.io/blog/77-percent-of-sites-use-vulnerable-js-libraries
http://bit.ly/2topw5I
sanitise inputs & outputs (standardise and encapsulate into shared lib)
http://bit.ly/2gSHtay Broken Access Control Insecure Direct Object Reference Information Leakage GraphQL Injection
http://bit.ly/2uKhGXF
http://bit.ly/2uKhGXF
app dependencies is a attack surface BIGGER than you think
your dependencies
your dependencies transient dependencies
https://david-dm.org/request/request?view=tree
https://snyk.io
security updates are often bundled with unrelated feature and API changes
your security is as strong as its weakest link
OS Application Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Networking runs on needs Source Code has maintains
OS Application Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Networking needs runs on this is where an attacker will target in a movie Source Code has maintains
OS Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Application A9 Networking runs on needs Source Code has maintains A1, A3, …
people are often the WEAKEST link in the security chain
OS Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Application phishing… Networking runs on needs Source Code has maintains
OS Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Application brute force, known account leaks, … Networking runs on needs Source Code has maintains
OS Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Application brute force, known account leaks, … Networking runs on needs Source Code has maintains
http://bit.ly/2sFDwYX …obtained publish access to 14% of npm packages…
http://bit.ly/2sFDwYX debug, request, react, co, express, moment, gulp, mongoose, mysql, bower, browserify, electron, jasmine, cheerio, modernizr, redux, …
http://bit.ly/2sFDwYX total downloads/month of the unique packages which I got myself publish access to was 1 972 421 945, that’s 20% of the total number of d/m directly.
20% of all monthly NPM downloads…
brute force known account leaks from other sources leaked NPM credentials (github, etc.)
http://bit.ly/2sFDwYX
http://bit.ly/2sFDwYX 662 users had password “123456” 172 — “123” 124 — “password”
WTF!?!?
oh god, that was too easy…
compromised package is a transient dependency sigh…
still “works”…
npmjs.com/~hacktask
rm -rf / !!!
NPM default - get latest “compatible” version, ie. 1.X.X
clean install (eg. on CI server) will download the latest, compromised package without any code change… NPM default - get latest “compatible” version, ie. 1.X.X
use npm shrinkwrap or upgrade to NPM 5 or above
not specific to Node.js or NPM
the attackers are in…
the attackers are in… what now?
Shared Responsibility Model
who can invoke the function?
what can the function access?
Least Privilege Principle
everything here is trusted
sensitive data
http://bit.ly/2zHvbcB
always public access is controlled via IAM
http://bit.ly/2lNInES
adds up to 10s to cold start!! http://bit.ly/2lNInES
compromised servers allow attacker to access all of your sensitive data!
implement authentication for internal APIs
always public implement authentication with API keys, Cognito, or custom authorizer functions
use AWS_IAM authentication for internal APIs
minimise function’s access
requires developer discipline
AWS Lambda docs Write your Lambda function code in a stateless style, and ensure there is no affinity between your code and the underlying compute infrastructure. http://amzn.to/2jzLmkb
S3 AWS IoT DynamoDB RDS EventStore Elasticsearch Couchbase Redshift Neo4j Google BigQuery
secure sensitive data both at rest and in-transit
leverage server-side encryption
http://amzn.to/1N3Twb8
http://amzn.to/1xF41eX
http://amzn.to/2tgvFR2
Least Privilege Principle
Disposability is a virtue
AWS Lambda docs Delete old Lambda functions that you are no longer using. http://amzn.to/2jzLmkb
easier said than done…
identifying component ownership in a big IT organization is challenging
identifying ownership of individual functions is much harder
source: http://www.digitalattackmap.com
more likely to scale through DoS attacks
DoS + per exec billing = Denial of Wallet problem
have to choose between a DoS and a DoW problem…
AWS Shield Advanced also gives you access to the AWS DDoS Response Team (DRT) and protection against DDoS related spikes in your ELB, CloudFront or Route 53 charges.
async sync S3 SNS SES CloudFormation CloudWatch Logs CloudWatch Events Scheduled Events CodeCommit AWS Config http://amzn.to/2vs2lIg Cognito Alexa Lex API Gateway streams DynamoDB Stream Kinesis Stream Lambda handles retries (twice, then DLQ)
http://bit.ly/2v7F2E4
DoS attack 2+ Retries+ ?
DoS attack Regex DoS attack long Lambda timeout 2+ Retries+ ?
Day 1
Day 2
no long-lived compromised servers
containers are reused, avoid sensitive data in /tmp
https://www.puresec.io/function-shield
no accidentally exposed directories
http://bit.ly/2tlGTbc
monitor activities in unused regions using CloudWatch Events
set up billing alarms in unused regions
watertight compartments that can contain water in the case of hull breach or other leaks
Michael Nygard
least privilege principle
per function policies
account level isolation
Recap
app dependencies is a attack surface BIGGER than you think
sanitise inputs and outputs
Least Privilege Principle
here’s your per function policy NEXT!
S3 AWS IoT DynamoDB RDS EventStore Elasticsearch Couchbase Redshift Neo4j Google BigQuery encrypt data at rest
S3 AWS IoT DynamoDB RDS EventStore Elasticsearch Couchbase Redshift Neo4j Google BigQuery and in-transit
delete unused functions.
DoS DoW* * Denial of Wallet
no server* no OS attacks no long lived compromised servers * I know I know, there’s still a server somewhere, but it’s managed and secured by AWS engineers who can do a much better job of it than most of us can; and the servers are ephemeral and short-lived
don’t be an unwilling bit miner
don’t be an unwilling bit miner safeguard your credentials…
prod dev compartmentalise breaches
people are often the WEAKEST link in the security chain
@theburningmonk theburningmonk.com github.com/theburningmonk
API Gateway and Kinesis Authentication & authorisation (IAM, Cognito) Testing Running & Debugging functions locally Log aggregation Monitoring & Alerting X-Ray Correlation IDs CI/CD Performance and Cost optimisation Error Handling Configuration management VPC Security Leading practices (API Gateway, Kinesis, Lambda) Canary deployments http://bit.ly/prod-ready-serverless get 40% off with: ytcui

Recommended

How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)
Yan Cui
 
You wouldn't build a toast, would you?
You wouldn't build a toast, would you?You wouldn't build a toast, would you?
You wouldn't build a toast, would you?
Yan Cui
 
Serverless Architectural Patterns
Serverless Architectural PatternsServerless Architectural Patterns
Serverless Architectural Patterns
Yan Cui
 
Serveless Design Patterns (Serverless Computing London)
Serveless Design Patterns (Serverless Computing London)Serveless Design Patterns (Serverless Computing London)
Serveless Design Patterns (Serverless Computing London)
Yan Cui
 
How to build observability into a serverless application
How to build observability into a serverless applicationHow to build observability into a serverless application
How to build observability into a serverless application
Yan Cui
 
How to build observability into Serverless (BuildStuff 2018)
How to build observability into Serverless (BuildStuff 2018)How to build observability into Serverless (BuildStuff 2018)
How to build observability into Serverless (BuildStuff 2018)
Yan Cui
 
Security in serverless world
Security in serverless worldSecurity in serverless world
Security in serverless world
Yan Cui
 
The present and future of Serverless observability (Serverless Computing London)
The present and future of Serverless observability (Serverless Computing London)The present and future of Serverless observability (Serverless Computing London)
The present and future of Serverless observability (Serverless Computing London)
Yan Cui
 

Recommended

How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)
Yan Cui
 
You wouldn't build a toast, would you?
You wouldn't build a toast, would you?You wouldn't build a toast, would you?
You wouldn't build a toast, would you?
Yan Cui
 
Serverless Architectural Patterns
Serverless Architectural PatternsServerless Architectural Patterns
Serverless Architectural Patterns
Yan Cui
 
Serveless Design Patterns (Serverless Computing London)
Serveless Design Patterns (Serverless Computing London)Serveless Design Patterns (Serverless Computing London)
Serveless Design Patterns (Serverless Computing London)
Yan Cui
 
How to build observability into a serverless application
How to build observability into a serverless applicationHow to build observability into a serverless application
How to build observability into a serverless application
Yan Cui
 
How to build observability into Serverless (BuildStuff 2018)
How to build observability into Serverless (BuildStuff 2018)How to build observability into Serverless (BuildStuff 2018)
How to build observability into Serverless (BuildStuff 2018)
Yan Cui
 
Security in serverless world
Security in serverless worldSecurity in serverless world
Security in serverless world
Yan Cui
 
The present and future of Serverless observability (Serverless Computing London)
The present and future of Serverless observability (Serverless Computing London)The present and future of Serverless observability (Serverless Computing London)
The present and future of Serverless observability (Serverless Computing London)
Yan Cui
 
Serverless in production, an experience report
Serverless in production, an experience reportServerless in production, an experience report
Serverless in production, an experience report
Yan Cui
 
Security in serverless world
Security in serverless worldSecurity in serverless world
Security in serverless world
Yan Cui
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
Jimmy Mesta
 
How did we get here and where are we going
How did we get here and where are we goingHow did we get here and where are we going
How did we get here and where are we going
Yan Cui
 
Serverless security: defence against the dark arts
Serverless security: defence against the dark artsServerless security: defence against the dark arts
Serverless security: defence against the dark arts
Yan Cui
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
Chris Gates
 
How to bring chaos engineering to serverless
How to bring chaos engineering to serverlessHow to bring chaos engineering to serverless
How to bring chaos engineering to serverless
Yan Cui
 
How to build observability into a serverless application
How to build observability into a serverless applicationHow to build observability into a serverless application
How to build observability into a serverless application
Yan Cui
 
Lambda and DynamoDB best practices
Lambda and DynamoDB best practicesLambda and DynamoDB best practices
Lambda and DynamoDB best practices
Yan Cui
 
Serverless in production, an experience report (microservices london)
Serverless in production, an experience report (microservices london)Serverless in production, an experience report (microservices london)
Serverless in production, an experience report (microservices london)
Yan Cui
 
Serverless is a win for businesses, not just developers
Serverless is a win for businesses, not just developersServerless is a win for businesses, not just developers
Serverless is a win for businesses, not just developers
Yan Cui
 
Patterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdfPatterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdf
Yan Cui
 
Patterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applicationsPatterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applications
Yan Cui
 
Security in serverless world
Security in serverless worldSecurity in serverless world
Security in serverless world
Yan Cui
 
Serverless in production, an experience report (London js community)
Serverless in production, an experience report (London js community)Serverless in production, an experience report (London js community)
Serverless in production, an experience report (London js community)
Yan Cui
 
Troubleshooting serverless applications
Troubleshooting serverless applicationsTroubleshooting serverless applications
Troubleshooting serverless applications
Yan Cui
 
Streams and serverless at DAZN
Streams and serverless at DAZNStreams and serverless at DAZN
Streams and serverless at DAZN
Yan Cui
 
How to build a social network on serverless
How to build a social network on serverlessHow to build a social network on serverless
How to build a social network on serverless
Yan Cui
 
Serverless in production, an experience report (CoDe-Conf)
Serverless in production, an experience report (CoDe-Conf)Serverless in production, an experience report (CoDe-Conf)
Serverless in production, an experience report (CoDe-Conf)
Yan Cui
 
A. De Biase/C. Quatrini/M. Barsocchi - API Release Process: how to make peopl...
A. De Biase/C. Quatrini/M. Barsocchi - API Release Process: how to make peopl...A. De Biase/C. Quatrini/M. Barsocchi - API Release Process: how to make peopl...
A. De Biase/C. Quatrini/M. Barsocchi - API Release Process: how to make peopl...
Codemotion
 
DevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless world
DevSecCon
 
Security in Serverless world
Security in Serverless worldSecurity in Serverless world
Security in Serverless world
Yan Cui
 

More Related Content

What's hot

Security in serverless world
Security in serverless worldSecurity in serverless world
Security in serverless world
Yan Cui
 
Serverless security: defence against the dark arts
Serverless security: defence against the dark artsServerless security: defence against the dark arts
Serverless security: defence against the dark arts
Yan Cui
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
Chris Gates
 
Patterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdfPatterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdf
Yan Cui
 
Patterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applicationsPatterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applications
Yan Cui
 
How to build a social network on serverless
How to build a social network on serverlessHow to build a social network on serverless
How to build a social network on serverless
Yan Cui
 

What's hot (20)

Serverless in production, an experience report
Serverless in production, an experience reportServerless in production, an experience report
Serverless in production, an experience report
 
Security in serverless world
Security in serverless worldSecurity in serverless world
Security in serverless world
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
 
How did we get here and where are we going
How did we get here and where are we goingHow did we get here and where are we going
How did we get here and where are we going
 
Serverless security: defence against the dark arts
Serverless security: defence against the dark artsServerless security: defence against the dark arts
Serverless security: defence against the dark arts
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
 
How to bring chaos engineering to serverless
How to bring chaos engineering to serverlessHow to bring chaos engineering to serverless
How to bring chaos engineering to serverless
 
How to build observability into a serverless application
How to build observability into a serverless applicationHow to build observability into a serverless application
How to build observability into a serverless application
 
Lambda and DynamoDB best practices
Lambda and DynamoDB best practicesLambda and DynamoDB best practices
Lambda and DynamoDB best practices
 
Serverless in production, an experience report (microservices london)
Serverless in production, an experience report (microservices london)Serverless in production, an experience report (microservices london)
Serverless in production, an experience report (microservices london)
 
Serverless is a win for businesses, not just developers
Serverless is a win for businesses, not just developersServerless is a win for businesses, not just developers
Serverless is a win for businesses, not just developers
 
Patterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdfPatterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdf
 
Patterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applicationsPatterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applications
 
Security in serverless world
Security in serverless worldSecurity in serverless world
Security in serverless world
 
Serverless in production, an experience report (London js community)
Serverless in production, an experience report (London js community)Serverless in production, an experience report (London js community)
Serverless in production, an experience report (London js community)
 
Troubleshooting serverless applications
Troubleshooting serverless applicationsTroubleshooting serverless applications
Troubleshooting serverless applications
 
Streams and serverless at DAZN
Streams and serverless at DAZNStreams and serverless at DAZN
Streams and serverless at DAZN
 
How to build a social network on serverless
How to build a social network on serverlessHow to build a social network on serverless
How to build a social network on serverless
 
Serverless in production, an experience report (CoDe-Conf)
Serverless in production, an experience report (CoDe-Conf)Serverless in production, an experience report (CoDe-Conf)
Serverless in production, an experience report (CoDe-Conf)
 
A. De Biase/C. Quatrini/M. Barsocchi - API Release Process: how to make peopl...
A. De Biase/C. Quatrini/M. Barsocchi - API Release Process: how to make peopl...A. De Biase/C. Quatrini/M. Barsocchi - API Release Process: how to make peopl...
A. De Biase/C. Quatrini/M. Barsocchi - API Release Process: how to make peopl...
 

Similar to Security in serverless world (get.net)

DevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless world
DevSecCon
 
Serverless security: defense against the dark arts
Serverless security: defense against the dark artsServerless security: defense against the dark arts
Serverless security: defense against the dark arts
Yan Cui
 
Serverless Security: Defence Against the Dark Arts
Serverless Security: Defence Against the Dark ArtsServerless Security: Defence Against the Dark Arts
Serverless Security: Defence Against the Dark Arts
Yan Cui
 
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
Casey Bisson
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
EC-Council
 
Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant
Ricardo Amaro
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Shakacon
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
Black Duck by Synopsys
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
Tim Mackey
 

Similar to Security in serverless world (get.net) (20)

DevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless world
 
Security in Serverless world
Security in Serverless worldSecurity in Serverless world
Security in Serverless world
 
Serverless security: defense against the dark arts
Serverless security: defense against the dark artsServerless security: defense against the dark arts
Serverless security: defense against the dark arts
 
Serverless Security: Defence Against the Dark Arts
Serverless Security: Defence Against the Dark ArtsServerless Security: Defence Against the Dark Arts
Serverless Security: Defence Against the Dark Arts
 
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
 
Container security
Container securityContainer security
Container security
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
 
Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWS
 
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
 
Docker Platform and Ecosystem
Docker Platform and EcosystemDocker Platform and Ecosystem
Docker Platform and Ecosystem
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless Architecture
 
Docker en kernel security
Docker en kernel securityDocker en kernel security
Docker en kernel security
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 

More from Yan Cui

How serverless changes the cost paradigm
How serverless changes the cost paradigmHow serverless changes the cost paradigm
How serverless changes the cost paradigm
Yan Cui
 
Build social network in 4 weeks
Build social network in 4 weeksBuild social network in 4 weeks
Build social network in 4 weeks
Yan Cui
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQL
Yan Cui
 

More from Yan Cui (20)

How to win the game of trade-offs
How to win the game of trade-offsHow to win the game of trade-offs
How to win the game of trade-offs
 
How to choose the right messaging service
How to choose the right messaging serviceHow to choose the right messaging service
How to choose the right messaging service
 
How to choose the right messaging service for your workload
How to choose the right messaging service for your workloadHow to choose the right messaging service for your workload
How to choose the right messaging service for your workload
 
Lessons from running AppSync in prod
Lessons from running AppSync in prodLessons from running AppSync in prod
Lessons from running AppSync in prod
 
Serverless observability - a hero's perspective
Serverless observability - a hero's perspectiveServerless observability - a hero's perspective
Serverless observability - a hero's perspective
 
How to ship customer value faster with step functions
How to ship customer value faster with step functionsHow to ship customer value faster with step functions
How to ship customer value faster with step functions
 
How serverless changes the cost paradigm
How serverless changes the cost paradigmHow serverless changes the cost paradigm
How serverless changes the cost paradigm
 
Why your next serverless project should use AWS AppSync
Why your next serverless project should use AWS AppSyncWhy your next serverless project should use AWS AppSync
Why your next serverless project should use AWS AppSync
 
Build social network in 4 weeks
Build social network in 4 weeksBuild social network in 4 weeks
Build social network in 4 weeks
 
Migrating existing monolith to serverless in 8 steps
Migrating existing monolith to serverless in 8 stepsMigrating existing monolith to serverless in 8 steps
Migrating existing monolith to serverless in 8 steps
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQL
 
FinDev as a business advantage in the post covid19 economy
FinDev as a business advantage in the post covid19 economyFinDev as a business advantage in the post covid19 economy
FinDev as a business advantage in the post covid19 economy
 
How to improve lambda cold starts
How to improve lambda cold startsHow to improve lambda cold starts
How to improve lambda cold starts
 
What can you do with lambda in 2020
What can you do with lambda in 2020What can you do with lambda in 2020
What can you do with lambda in 2020
 
A chaos experiment a day, keeping the outage away
A chaos experiment a day, keeping the outage awayA chaos experiment a day, keeping the outage away
A chaos experiment a day, keeping the outage away
 
How to debug slow lambda response times
How to debug slow lambda response timesHow to debug slow lambda response times
How to debug slow lambda response times
 
What can you do with lambda in 2020
What can you do with lambda in 2020What can you do with lambda in 2020
What can you do with lambda in 2020
 
How to ship customer value faster with step functions
How to ship customer value faster with step functionsHow to ship customer value faster with step functions
How to ship customer value faster with step functions
 
Debugging Lambda timeouts
Debugging Lambda timeoutsDebugging Lambda timeouts
Debugging Lambda timeouts
 
Serverless a superpower for frontend developers
Serverless a superpower for frontend developersServerless a superpower for frontend developers
Serverless a superpower for frontend developers
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Security in serverless world (get.net)