Loading…
Welcome to Bsides Seattle 2020
Back To Schedule
Saturday, October 17 • 1:00pm - 1:55pm
ZeroTrusting Serverless Applications: Protecting Microservices using Secure Design Patterns

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Serverless applications are the latest trend that is disrupting the world of microservices. Microservices enables developers to move faster with continuous delivery and deployment of large, enterprise applications. They offer loose coupling through modularity, scalability and fault isolation and resiliency from a security perspective. However, the resulting distributed systems are often complex with a large attack surface, making traditional security assessments difficult.  Tasks such as security design review, threat modeling, security code reviews and especially security testing becomes challenging due to the overall scope of feature deployment spanned across multiple services and domains and the speed at which these are deployed.  Therefore, if security is not baked into the design and architecture, the applications are suspectable to a variety of security attacks.
The main purpose of this presentation is to discuss the common security pitfalls associated with serverless application variable such as “Backend-as-a-Service” (BaaS) or “Functions-as-a-service” (FaaS). The talk will also cover discuss microservices architecture and design in order to analyze how certain aspects of security is achievable at scale through these patterns.

The target audience for this talk is security engineers, security architects, software development engineers and managers, and anyone who is involved in designing and deploying the end to end applications based on microservices oriented architecture. The attendees will walk away with a general understanding of security issues related to serverless applications and a framework to mitigate residual risk challenges through secure design patterns.

Speakers
avatar for Trupti Shiralkar

Trupti Shiralkar

Principal Application Security Engineer, Illumio
Trupti Shiralkar is a Principal Application Security Engineer at the world’s most customer-centric security company Illumio. She has a strong passion for security and privacy and believes in influencing security by creating a mutual win for all involved parties. She enjoys diving... Read More →


Saturday October 17, 2020 1:00pm - 1:55pm PDT
Track A