Q2 TLV Community Q2 Blitz @JFrog Welcomes Christina Warren, Senior Github Advocate

Our Talk -First Line of Defense for the OWASP Serverless Top 10

Serverless architecture has brought a lot of comfort and elegance to software delivery, making it quite appealing for modern application engineering. However, it's not without its drawbacks. In fact, serverless architecture introduces a whole new set of security implications that should be considered early when building your applications.

The OWASP Serverless Top 10 is an excellent reference for educating practitioners and organizations about the potential security risks and consequences when implementing serverless architecture, as well as how to mitigate these. However, as with all things engineering - if isn't automated and built into developer workflows, most of the time it just won't happen.

In this talk we'll walk you through the current serverless security state of the union - known methods for securing your serverless applications, the manual methods vs. automated techniques. We'll wrap up with practical ways for translating these known risks into an automated plan built for any language, tech stack or feature, providing practical methods to take back control and mitigate these known top 10 serverless exploits with code.

‍