This course covers the learning outcomes and goals of understanding security in serverless architectures, identifying potential attack vectors, and implementing defense strategies. The course teaches about serverless service architectures, common attack vectors like injection attacks and cross-site scripting, and tools such as Swagger UI, Lambda functions, and Amazon Cognito. The teaching method includes a mix of theoretical concepts and practical demonstrations. The intended audience for this course includes individuals with a general understanding of breaches and basic awareness of code concepts who are interested in learning about serverless security.
Overview
Syllabus
Introduction
Mistakes Happen
What is Serverless
Service Architectures
Under the Hood
Trust the Cloud Provider
What to worry about
Misconfigurations
Software
OS Top 10
Injection Attack
Error Message
Cross Site Scripting
Swagger
Swagger UI
US Top 10
Cloud
Persistence
Server List
Lambda Functions
Encryption
Networking
Server list frameworks
API gateways
CDN
Lambda at Edge
Amazon Cognito
Databases
Subdomain Takeover
Deployment Systems
Service Monitoring
Threat Modeling
Demo
Querying
Taught by
RSA Conference
