About Me ( @orysegal )
• CTO & Co-founder at PURESEC, Serverless security
• Involved in AppSec field since the 90’s
• AppShield (World’s 1st WAF), IBM AppScan, Akamai Kona Cloud Security
• Author of 20+ patents in the fields of App Security
HTTP/2 fingerprinting, SSHowDowN Proxy (IoT), JS Code-flow Manipulation, HQL Tampering, Apache httpd RCE (CVE-2002-0061), Apache OpenWhisk Mutability (CVE-2018-11756/7), Serverless Security Top 10, CSA Serverless Security Top 12 & contributed to HTTP Response Splitting, HTTP Request Smuggling, MITRE CWE, SANS Top25, …
• Founder & guitarist of the Israeli Art-Rock band PITS
https://pits1.bandcamp.com/
Agenda
SERVERLESS SECURITY IN A NUTSHELL
FOCUS ON A FEW RISKS & PITFALLS
GET OUR HANDS DIRTY WITH A LIVE DEMO
ACTION ITEMS FOR YOU
Why Serverless?
Serverless Benefits
No servers to manage
Continuous scaling
Sub-second metering
Fewer security responsibilities