AWS Lambda Security

Track:
When: Wed PM-1
Where: Portland
Organizers Giorgio Bonfiglio Giorgio Bonfiglio , James Wharton James Wharton
Participants Andrew Johnstone Andrew Johnstone , John Killilea John Killilea , Vladimir Voskresenskiy Vladimir Voskresenskiy , Jaimen Lathia Jaimen Lathia , Chris Allen Chris Allen , Simon Pavillon Simon Pavillon , Stephen de Vries Stephen de Vries , Mario Platt Mario Platt , Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Daniel Garcia (cr0hn) Daniel Garcia (cr0hn) , Francois Raynaud Francois Raynaud , Gabor Pek Gabor Pek , Giorgio Bonfiglio Giorgio Bonfiglio , Imran Mohammed A Imran Mohammed A , Paul Dubourg Paul Dubourg , Stu Hirst Stu Hirst , Thomas Franceschini Thomas Franceschini , Wayne Moore Wayne Moore
Remote Participants Abhi Raj Abhi Raj , Anton Delsink Anton Delsink , Barbara Prevel Barbara Prevel , Lubo Vikev Lubo Vikev , Madhu Akula Madhu Akula , Mohanish Mahajan Mohanish Mahajan , Mustaqiim Muhar Mustaqiim Muhar , Sergio Issi Sergio Issi , Vandana Verma Vandana Verma

Why

Because AWS Lambda lets us run code without provisioning or managing servers. What security risks are in place?

What

  • How to do security reviews on code running on AWS Lambda?
  • How to add Security to DevOps practices?
  • How to detect malicious functions?
  • What features are missing?
  • Are users aware of existing features?

Outcomes

AWS Lambda Security Cheatsheet AWS Lambda Security To-Do scripts AWS Lambda Security Checklist

Who

The target audience for this Working Session is:

  • AWS Security team
  • AWS Lambda developers
  • AWS Lamba users

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions)

Previous Summit Working Session

https://owaspsummit.org/Working-Sessions/Tools/AWS-Lambda-Security.html