EVENT

Code PaLOUsa 2022

The OWASP Serverless Security Top 10 as Code

Our talk, The OWASP Serverless Security Top 10 as Code: Serverless architecture has brought a lot of comfort and elegance to software delivery, making it quite appealing for modern application engineering. However, it's not without its drawbacks. In fact, serverless architecture introduces a whole new set of security implications that should be considered early when building your applications.

The OWASP Serverless Top 10 is an excellent reference for educating practitioners and organizations about the potential security risks and consequences when implementing serverless architecture, as well as how to mitigate these. However, as with all things engineering, if it isn't automated and built into developer workflows, most of the time it just won't happen.

In this talk we'll walk you through the current serverless security state of the union: known methods for securing your serverless applications, and the manual methods vs. automated techniques. We'll wrap up with practical ways for translating these known risks into an automated plan built for any language, tech stack or feature, providing practical methods to take back control and mitigate these known top 10 serverless exploits with code.

Louisville, KY
August 17, 2022 - August 19, 2022

Meet the Team:

Chris Koehnecke
VP Security Engineering & CISO

Agenda

10:00 AM - 11:00PM
Solution Engineer


October 11, 2024; 1:30 AM-2:00 AM ET
Changing the Mindset: Security is QUALITY
David Melamed
Co-founder and CTO

Let's face it - now that we're a few years past the whole "shift left" trend, we can honestly say it has largely failed when considering security debt. Instead of solving issues earlier in the cycle, which was the premise of the "shift left" promise, we mostly shifted the problem left. To date, security has largely been a source of friction between development and security teams, and fostering a proactive security culture among developers is still the holy grail a lot of companies are dreaming about without really managing to reach it. That's because this mindset needs a hard reset. We need to look at security completely differently. Security should not and cannot be decoupled from product quality - notably because developers are measured on code quality and velocity and not on how secure their code is. In the same way that our product's usability is a first-order engineering concern, security should be regarded in the exact same way. In this talk, I'll share some lessons learned and the way to bridge the gap between security and engineering, by changing the way it is viewed and implemented in current processes.

All Day DevOps

12:00 IST
Gilad Barzilay
VP of Business Development & Alliances

How to leverage AWS Marketplace

Aviram Shmueli
Co-Founder, Chief Research and Innovation Officer

AWS re:Invent

10:00 AM - 11:00AM
How to secure your cloud and code?
David Melamed
Co-founder and CTO


Exploring The False Dichotomy Between Dev Velocity and Product Security
11:00 AM - 12:00AM
What Jit can do?
Avi Douglen
Founder and CEO at Bounce Security and Global Board of Directors at OWASP
