Ory Segal

A world-renowned expert in application security, with 20 years of experience in the field. Ory is the CTO and co-founder of PureSec, a start-up that enables organizations to build and maintain secure and reliable serverless applications. Prior to PureSec, Ory was Sr. Director of Threat Research at Akamai, were he led a team of top web security & big data researchers. Prior to Akamai, Ory worked at IBM as the Security Products Architect and Product Manager for the market leading application security solution IBM Security AppScan. Ory authored 20 patents in the field of application security, static analysis, dynamic analysis, threat reputation systems, etc. Ory is serving as an officer of the Web Application Security Consortium (WASC), he is a member of the W3C WebAppSec working group, and was an OWASP Israel board member.

Talk: Serverless Security: Attackers & Defenders

In serverless, the cloud provider is responsible for securing the underlying infrastructure, from the data centers all the way up to the container and runtime environment. This relieves much of the security burden from the application owner, however it also poses many unique challenges when it comes to securing the application layer. ​In this presentation, we will discuss the most critical challenges related to securing serverless applications - from development to deployment. We will also walk through a live demo of a realistic serverless application that contains several common vulnerabilities, and see how they can be exploited by attackers, and how to secure them. I will also use examples from the real world, including a story on how we hacked a real world serverless application for bounty, and won.

Back to the agenda

Sponsors

ServerlessDays Milano is a no-profit community-run event:
support the serverless community and become a sponsor today!

Headline sponsors

Amazon Web Services
beSharp
Accenture
 

Supporter & Community sponsors

SIGHUP
Digital Attitude
Cloudflare
Epsagon
Google Cloud
TeamSystem
Moviri
DAZN
Voxnest
Wisemotions
superluminar
 

Media & Diversity Partners

Serverless Italy Meetup
ComPVter
GrUSP
CloudConf
Avanscoperta