360-degree view of Lambda Security

Abstract

Research on Lambda SAST vulnerabilities and automation of the process.

Our research includes investigating secure ways of implementing AWS Lambda architecture, automating the secure code analysis of AWS functions and its mitigations. Since Lambda supports a large number of runtime languages, developers can use it to create whole backend functionality while AWS handles the security. The core objective focuses on the flaws that might occur in Lambda code, triggering Lambda functions, overly permissive IAM roles, API Gateway concerns, leveraging third-party dependencies, insufficient logging & monitoring and the OWASP Serverless Top 10.


Speakers Information


Apoorva Jois

Apoorva is an OSCP-certified security enthusiast with three years of experience in the field. Her primary areas of expertise are web application pentesting, API pentesting, network security and infrastructure security pentesting. She is currently employed as a Security Engineer at CRED, where she primarily focuses on Application Security, and is also a pentester at Cobalt.io. She has been inducted into several Halls of Fame, including RedHat, Rackspace, KFC, etc., and is also an active member of Synack Red Team, where she finds and reports vulnerabilities to various organizations.


Kajal Nair

Kajal Nair is an OSWE-certified Security Engineer at Amazon who has been involved in the security community for nearly 4.5 years. She enjoys going through thousands, if not millions, of lines of code in order to find flaws in the source code. In her eyes, every line of code she writes is a work of art, which drew her to examine the code, break it, and help fix it, as well as build tools to assist her.




