Conference:  Defcon 31
Authors: Marcello "byt3bl33d3r" Salvati, Hacker & Entrepreneur
2023-08-01

Ever wake up and ask yourself: “Damn, how could I make email security suck even more today”? Tired of your Red Team's phishing emails not landing in your target's inbox? Do you dislike Boston (the city) and love Satan? If you answered yes to any of those questions you should come to this talk! I'll be showing you how to spoof emails from 2 million+ domains (while also “bypassing” SPF & DMARC!) by (ab)using a partnership between Cloudflare and the “biggest transactional email service” on the interwebs. We'll be diving into "edge" serverless applications and the magical world of email security where everything is (still) held up by duct tape, pasta, and marinara sauce. Finally, I’ll be dropping code and releasing a tool that demonstrates how to impersonate emails from 2 million+ domains.

Authors: Tal Melamed
2023-02-16

tldr - powered by Generative AI

Best practices for securing serverless functions
  • Serverless functions have dependencies that can introduce vulnerabilities
  • Cloud providers offer some security measures but it's important to scan for vulnerabilities in your own code and dependencies
  • Logging and monitoring are important but require automation to be effective
  • Permissions and authentication are crucial for securing serverless functions
  • Stateless nature of serverless functions makes authentication challenging

Authors: Miguel Calles
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of implementing security measures in cloud computing, particularly in serverless technologies, to reduce costs and ensure data privacy.
  • Leverage temporary credentials and short-lived policies to mitigate risks
  • Monitor AWS service outages and failures to prevent data loss
  • Implement multi-region and multi-cloud designs to ensure application availability
  • Use local storage and session storage to store data in case of API call failures
  • Perform cost engineering to optimize application costs and reduce total cost to collect for toll operators
  • Implement proper cloud security principles to ensure data privacy and security
  • Resources for learning about serverless and serverless security include blogs, books, and cloud provider documentation