Serverless architecture presents new security challenges. Some are equal to those we know from traditional application development, but some take a new form. Both, developers and attackers must start thinking differently to gain the upper hand. Damn Vulnerable Serverless Application (DVSA) is a deliberately vulnerable, open-source tool, aiming to be an aid for security professionals to test their skills and tools in a legal environment. In this talk, I will cover common attack vectors which have changed from what we were used to. After this talk, you should be able to deploy your own vulnerable app and have basic skills to gain your serverless pen-testing advantage.

In the past year, Tal Melamed been experimenting in offensive and defensive security for the serverless technology, as part of his role as Head of Security Research at Protego Labs. Specializing in AppSec, he has more than 15 years of experience in security research and vulnerability assessment, previously working for leading security organizations such as Synack, AppSec Labs, CheckPoint, and RSA. Tal is also the leader and creator of the OWASP Serverless Top 10 and DVSA projects.

@dvsaowasp, @_nu11p0inter

Back to Derbycon 2019 video list