
Chapter

Risks in Serverless Technologies

with Pawel Kusiński

Description:

This chapter event welcomed Pawel Kusiński, Senior IT Security Consultant at Securing.

Pawel Kusiński’s session was all about Risks in Serverless Technologies. Serverless computing is not only a popular option in cloud environments, but also a suggested method for creating a lot of things! Did you ever think about how it works under the hood? Is serverless really server-less? How does the execution environment work? Is persistence even possible in this event-driven compute service? I won’t be lying – Remote Code Executions are rare, but what if there is one in your function? Pawel demonstrates how to use it to acquire persistence and exfiltrate more data than the function role gives.

Agenda:

01. How the infrastructure in serverless works.

02. Why persistence is possible in this semi-volatile environment.

03. How to research the serverless environment using a pseudo shell over HTTP.

04. How we can make use of an RCE vulnerability to obtain persistence – an exploitation demo will be shown! Possible mitigations.

 

Join our Discord server to discuss this talk and many others! All things DevSecOps in one place 🗣


Pawel Kusiński

Senior IT Security Consultant at Securing

About Pawel Kusiński

On a daily basis I deal with application security (web & mobile), but I am particularly interested in cloud security.

I am also a fan of participating in various types of associations related to the whole IT security field – I have also had the opportunity to host and conduct a few workshops in this domain.

Of course, the learning process is continuous, so I am eager to learn new things.
