A First Look at the Security of Serverless Applications - Eduard Marin, Telefonica Research
Abstract
Serverless computing is emerging as a new paradigm to deploy applications in the cloud, offering many advantages to cloud providers and their customers. Customers only have to be concerned about implementing their functions, leaving the management of the underlying hardware and software to cloud providers. Consequently, cloud providers are responsible for developing all security mechanisms to protect serverless applications from security attacks. Unfortunately, as serverless computing is a relatively new concept, its security has not yet been properly examined. In this talk, Eduard will shed light on the unique security threats and challenges of serverless platforms. Building on academic and industry research, Eduard will introduce the main types of security attacks against serverless applications along with the feasibility of realizing such attacks, and possible ways to mitigate them.