Serverless architecture has brought a lot of comfort and elegance to software delivery, making it quite appealing for modern application engineering. However, it's not without its drawbacks. In fact, serverless architecture introduces a whole new set of security implications that should be considered early when building your applications.The OWASP Serverless Top 10 is an excellent reference for educating practitioners and organizations about the potential security risks and consequences when implementing serverless architecture, as well as how to mitigate these. However, as with all things engineering - if isn't automated and built into developer workflows, most of the time it just won't happen.In this talk we'll walk you through the current serverless security state of the union - known methods for securing your serverless applications, the manual methods vs. automated techniques. We'll wrap up with practical ways for translating these known risks into an automated plan built for any language, tech stack or feature, providing practical methods to take back control and mitigate these known top 10 serverless exploits with code.
Linters are great tools that enable developers to create static analysis rules for their code base, and the most popular one in the Python ecosystem is Pylint - this talk will walk through some of its advanced feautres