AppSec USA 2016 has ended
Back To Schedule
Friday, October 14 • 9:15am - 10:00am
Serverless Security: Doing Security in 100 milliseconds

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Serverless is the awesome future of cloud computing. This session will focus on practical security approaches for serverless in four key areas: software supply chain, delivery pipeline, data flow, and attack detection.


Serverless is a design pattern gaining a lot of traction in DevOps shops. The serverless pattern allows scale without managing the servers or processes running the application. This is done across the continuum of cloud–from storage as a service to database as a service but the center of serverless is Functions as a Service (FaaS). FaaS offerings on the market include AWS Lambda, Azure Functions, and Google Cloud Functions. Now processes run for milliseconds before being destroyed and then get instantiated for subsequent requests.


Security changes under serverless and our traditional modes of firewalling and hardening all the things just won’t cut it. Practices like vulnerability discovery, code scanning and intrusion detection change in a serverless architecture. Other changes for serverless include how applications are built and deployed to how teams are structured.


This session will focus on practical security approaches and the four key areas of serverless security: software supply chain, delivery pipeline, data flow and attack detection. Even if you don’t have any experience with serverless, don’t worry, in this session we will start with the basics and you will learn what serverless is (it’s still being defined) and practical patterns for serverless adoption.

avatar for James Wickett

James Wickett

James does most of his research and work is at the intersection of the DevOps and Security communities. He works as a Sr. Engineer at Signal Sciences and is a supporter of the Rugged Software and Rugged DevOps movements. Seeing the gap in software testing, James founded an open source... Read More →

Friday October 14, 2016 9:15am - 10:00am EDT
Room C