As serverless gains adoption, would-be attackers come prowling - and this means serverless security needs to level up. That said, serverless security know-how is still not a commodity, as most current security tools, apps and practices are targeted at more legacy architecture patterns, making it challenging to ramp up security at the pace of engineering.
Excellent resources have been created over the years, including the OWASP Serverless Top 10. However, understanding how to practically apply these takes time and research if you aren't a domain expert. In this talk, we'll take a deep dive on what a typical serverless app composed of Lambda functions and containers looks like, including the various layers it comprises: code, infrastructure, runtime and its supply chain. We'll map each of these to the possible risks based on the OWASP Top 10 list, and demo through excellent open source tools how you can defend your application against these threats on each of your app's layers.