TRACK 11 – OWASP
Applicationsecurity
WHERE?
Lillehammer Kino sal 2
WHEN?
Tuesday, 14:00 - 14:30
Language
English
Paolo Spagli, Sr. Security Researcher, Cloud-Native
ABOUT THE PRESENTATION
Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed to the cloud provider. This frees up the developers to concentrate on building logic and producing value quickly. But cloud functions still execute code. If the software is written poorly, it can lead to a cloud disaster.
What are the new challenges that organization now faces? In many organizations, the application security team struggles to keep up with the speed of development in a serverless environment. Traditional testing tools not only provide very limited coverage, but also slow development cycles unacceptably. Serverless code contains a mixture of cloud configurations and application programming interfaces. As a result, legacy solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times.
Fortunately, it does not have to be this way. Organizations can leverage robust security during serverless development, automatically—if it is done properly.
ABOUT THE PRESENTER
Paolo Spagli is Senior Security Researcher for Cloud-Native technologies at Contrast Security. In this role he is committed to help development teams shipping secure applications in the cloud. Prior to Contrast, Paolo was a Cloud Security Lead Architect at Baker Hughes. Paolo has over 15 years of experience in many fields including web development, software architecture, cloud technologies, security architecture, application security, DevSecOps.