Collaborate Disseminate
The API of a mobile app I was testing is sending the AWS AccessKeyId and SecretKey used for request signing from the AWS Cognito server unencrypted (apart from the regular TLS encryption). Making it possible to re-sign all requests to thei… Continue reading What is the use case of request signing in this mobile app?
AWS today announced a number of IoT-related updates that, for the most part, aim to make getting started with its IoT services easier, especially for companies that are trying to deploy a large fleet of devices. The marquee announcement, however, is about the Alexa Voice Service, which makes Amazon’s Alex voice assistant available to hardware […] Continue reading AWS expands its IoT services, brings Alexa to devices with only 1MB of RAM
As we move from a world dominated by virtual machines to one of serverless, it changes the nature of monitoring, and vendors like New Relic certainly recognize that. This morning the company announced it was acquiring IOpipe, an early-stage Seattle serverless monitoring startup to help beef up its serverless monitoring chops. Terms of the deal […] Continue reading New Relic snags early stage serverless monitoring startup IOpipe
New Relic, the SaaS applications performance management platform, announced a major update to that platform today. Instead of ripping off the band-aid all at once, the company has decided to take a more measured approach to change, giving customers a chance to ease into it. The new platform, called New Relic One has been designed […] Continue reading New Relic takes a measured approach to platform overhaul
Background Protego is the provider of a comprehensive security solution for cloud native and serverless applications, providing enhanced […]
The post Layers and Runtimes @ Protego appeared first on Protego.
The post Layers and Runtimes @ Protego … Continue reading Layers and Runtimes @ Protego
Watch the video below or listen to the audio on SoundCloud. For this episode, Hillel and Tal from […]
The post The Serverless Show: The View from Different Angles appeared first on Protego.
The post The Serverless Show: The View from Different An… Continue reading The Serverless Show: The View from Different Angles
Watch the video below or listen to the audio on SoundCloud. For this episode, Hillel and Tal from […]
The post The Serverless Show: Make it Someone Else’s Problem appeared first on Protego.
The post The Serverless Show: Make it Someone Else… Continue reading The Serverless Show: Make it Someone Else’s Problem
In order to demonstrate the security risks and implications of an insecure serverless application, we created an AWS Lambda application, which contains a vulnerability, and on top of that, we applied an over-permissive AWS IAM role to the function… Continue reading Hacking a Serverless Application (Demo)
Today we are releasing a free serverless security protection library for AWS Lambda functions, which enables developers to harden the behavior of serverless runtimes and immunize functions against unwanted and potentially malicious behavior.
The p… Continue reading FunctionShield: A Free Serverless Protection Library to Help Harden Your Serverless Apps
Permalink
The post CircleCity Con 2018, Bryan McAninch’s ‘The FaaS And The Curious: AWS Lambda Threat Modeling’ appeared first on Security Boulevard.
Continue reading CircleCity Con 2018, Bryan McAninch’s ‘The FaaS And The Curious: AWS Lambda Threat Modeling’