Owasp top 10 serverless

隆博 田中
Feb. 18, 2019
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
Owasp top 10 serverless
1 of 21

Owasp top 10 serverless

Feb. 18, 2019
Download to read offline
Technology

OWASP Nagoya Chapter 9 2019/2/8 発表資料

隆博 田中

Recommended

2017대선 빅데이터 분석2017대선 빅데이터 분석
2017대선 빅데이터 분석지승 한1.2K views13 slides
사진형SNS 인스플사진형SNS 인스플
사진형SNS 인스플지승 한199 views11 slides
Intro to ES6 / ES2015Intro to ES6 / ES2015
Intro to ES6 / ES2015Jamal Sinclair O'Garro563 views29 slides
OWASP top10 2017, Montpellier JUG de NoelOWASP top10 2017, Montpellier JUG de Noel
OWASP top10 2017, Montpellier JUG de NoelHubert Gregoire420 views18 slides
What's New in MySQL 8.0 @ HKOSC 2017What's New in MySQL 8.0 @ HKOSC 2017
What's New in MySQL 8.0 @ HKOSC 2017Ivan Ma182 views32 slides
MySQL no Paypal Tesla e UberMySQL no Paypal Tesla e Uber
MySQL no Paypal Tesla e UberMySQL Brasil762 views50 slides

More Related Content

Similar to Owasp top 10 serverless

Azure App Gateway and Log Analytics under Penetration TestsAzure App Gateway and Log Analytics under Penetration Tests
Azure App Gateway and Log Analytics under Penetration TestsRoy Kim350 views20 slides
OSV operating systemOSV operating system
OSV operating systemEmad Soltani49 views20 slides
SAP on AWS 이관사례로 알아보는 SAP 혁신 전략 - 이진욱, AWS SAP on AWS Solutions ArchitectSAP on AWS 이관사례로 알아보는 SAP 혁신 전략 - 이진욱, AWS SAP on AWS Solutions Architect
SAP on AWS 이관사례로 알아보는 SAP 혁신 전략 - 이진욱, AWS SAP on AWS Solutions ArchitectAmazon Web Services Korea1.3K views35 slides
Deployment of SAP Solutions on AWS (Level 200)Deployment of SAP Solutions on AWS (Level 200)
Deployment of SAP Solutions on AWS (Level 200)Amazon Web Services762 views35 slides
Migrando aplicaciones SAP a AWSMigrando aplicaciones SAP a AWS
Migrando aplicaciones SAP a AWSAmazon Web Services LATAM184 views27 slides
Bentobox ExerciseBentobox Exercise
Bentobox ExerciseEster Kais34 views17 slides

Similar to Owasp top 10 serverless(20)

Azure App Gateway and Log Analytics under Penetration TestsAzure App Gateway and Log Analytics under Penetration Tests
Azure App Gateway and Log Analytics under Penetration Tests
Roy Kim350 views
OSV operating systemOSV operating system
OSV operating system
Emad Soltani49 views
SAP on AWS 이관사례로 알아보는 SAP 혁신 전략 - 이진욱, AWS SAP on AWS Solutions ArchitectSAP on AWS 이관사례로 알아보는 SAP 혁신 전략 - 이진욱, AWS SAP on AWS Solutions Architect
SAP on AWS 이관사례로 알아보는 SAP 혁신 전략 - 이진욱, AWS SAP on AWS Solutions Architect
Amazon Web Services Korea1.3K views
Deployment of SAP Solutions on AWS (Level 200)Deployment of SAP Solutions on AWS (Level 200)
Deployment of SAP Solutions on AWS (Level 200)
Amazon Web Services762 views
Migrando aplicaciones SAP a AWSMigrando aplicaciones SAP a AWS
Migrando aplicaciones SAP a AWS
Amazon Web Services LATAM184 views
Bentobox ExerciseBentobox Exercise
Bentobox Exercise
Ester Kais34 views
Building prediction models with Amazon Redshift and Amazon MLBuilding prediction models with Amazon Redshift and Amazon ML
Building prediction models with Amazon Redshift and Amazon ML
Julien SIMON3.9K views
NodeJS Serverless backends for your frontendsNodeJS Serverless backends for your frontends
NodeJS Serverless backends for your frontends
Carlos Santana474 views
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Codemotion562 views
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Demi Ben-Ari156 views
SRV315_How We Built a Mission-Critical, Serverless File Processing Pipeline f...SRV315_How We Built a Mission-Critical, Serverless File Processing Pipeline f...
SRV315_How We Built a Mission-Critical, Serverless File Processing Pipeline f...
Amazon Web Services2.6K views
AWS re:Invent 2016 Fast ForwardAWS re:Invent 2016 Fast Forward
AWS re:Invent 2016 Fast Forward
Shuen-Huei Guan2.9K views
GPSWKS401_Designing a Cloud Enterprise Data WarehouseGPSWKS401_Designing a Cloud Enterprise Data Warehouse
GPSWKS401_Designing a Cloud Enterprise Data Warehouse
Amazon Web Services464 views
Cloud Native Applications on OpenShiftCloud Native Applications on OpenShift
Cloud Native Applications on OpenShift
Serhat Dirik601 views
OSOM Operations in the CloudOSOM Operations in the Cloud
OSOM Operations in the Cloud
mstuparu401 views
OSOM - Operations in the CloudOSOM - Operations in the Cloud
OSOM - Operations in the Cloud
Marcela Oniga293 views
Monitoring with Icinga2 at AdobeMonitoring with Icinga2 at Adobe
Monitoring with Icinga2 at Adobe
Icinga3.1K views
Addressing Issues of Risk & Governance in OpenStack without sacrificing Agili...Addressing Issues of Risk & Governance in OpenStack without sacrificing Agili...
Addressing Issues of Risk & Governance in OpenStack without sacrificing Agili...
OpenStack1.4K views
MySQL8.0 in COSCUP2017MySQL8.0 in COSCUP2017
MySQL8.0 in COSCUP2017
Shinya Sugiyama5.8K views
SAP portal: breaking and forensicating SAP portal: breaking and forensicating
SAP portal: breaking and forensicating
ERPScan567 views

More from 隆博 田中

WhatsTheCedar.pptxWhatsTheCedar.pptx
WhatsTheCedar.pptx隆博 田中57 views12 slides
Create ECS Cluster (Fargate)Create ECS Cluster (Fargate)
Create ECS Cluster (Fargate)隆博 田中205 views6 slides
Aws security ssrf_updateAws security ssrf_update
Aws security ssrf_update隆博 田中93 views19 slides
Aws security ssrfAws security ssrf
Aws security ssrf隆博 田中438 views18 slides
Aws first step_ec2_vpcAws first step_ec2_vpc
Aws first step_ec2_vpc隆博 田中69 views19 slides
Aws security part1Aws security part1
Aws security part1隆博 田中70 views21 slides

More from 隆博 田中(7)

WhatsTheCedar.pptxWhatsTheCedar.pptx
WhatsTheCedar.pptx
隆博 田中57 views
Create ECS Cluster (Fargate)Create ECS Cluster (Fargate)
Create ECS Cluster (Fargate)
隆博 田中205 views
Aws security ssrf_updateAws security ssrf_update
Aws security ssrf_update
隆博 田中93 views
Aws security ssrfAws security ssrf
Aws security ssrf
隆博 田中438 views
Aws first step_ec2_vpcAws first step_ec2_vpc
Aws first step_ec2_vpc
隆博 田中69 views
Aws security part1Aws security part1
Aws security part1
隆博 田中70 views
Well architected framework_first_stepWell architected framework_first_step
Well architected framework_first_step
隆博 田中65 views

Recently uploaded

AI and ML Series - Generative Extraction and Classification of Documents in S...AI and ML Series - Generative Extraction and Classification of Documents in S...
AI and ML Series - Generative Extraction and Classification of Documents in S...DianaGray1067 views14 slides
Orbyfy Grid e-Services_vFx.pdfOrbyfy Grid e-Services_vFx.pdf
Orbyfy Grid e-Services_vFx.pdfOrbyfy19 views6 slides
How SACCOs can increase their memberships AD_compressed (1).pdfHow SACCOs can increase their memberships AD_compressed (1).pdf
How SACCOs can increase their memberships AD_compressed (1).pdfCoretecDigital75 views14 slides
NoSQL Data Migration Masterclass - Session 1 Migration Strategies and ChallengesNoSQL Data Migration Masterclass - Session 1 Migration Strategies and Challenges
NoSQL Data Migration Masterclass - Session 1 Migration Strategies and ChallengesScyllaDB53 views36 slides
GDSC INFO.pptxGDSC INFO.pptx
GDSC INFO.pptxAshishChanchal136 views15 slides
Doorsvision-The-Future-of-Smart-Communities gama adj.pdfDoorsvision-The-Future-of-Smart-Communities gama adj.pdf
Doorsvision-The-Future-of-Smart-Communities gama adj.pdfMustafa Kuğu84 views19 slides

Recently uploaded(20)

AI and ML Series - Generative Extraction and Classification of Documents in S...AI and ML Series - Generative Extraction and Classification of Documents in S...
AI and ML Series - Generative Extraction and Classification of Documents in S...
DianaGray1067 views
Orbyfy Grid e-Services_vFx.pdfOrbyfy Grid e-Services_vFx.pdf
Orbyfy Grid e-Services_vFx.pdf
Orbyfy19 views
How SACCOs can increase their memberships AD_compressed (1).pdfHow SACCOs can increase their memberships AD_compressed (1).pdf
How SACCOs can increase their memberships AD_compressed (1).pdf
CoretecDigital75 views
NoSQL Data Migration Masterclass - Session 1 Migration Strategies and ChallengesNoSQL Data Migration Masterclass - Session 1 Migration Strategies and Challenges
NoSQL Data Migration Masterclass - Session 1 Migration Strategies and Challenges
ScyllaDB53 views
GDSC INFO.pptxGDSC INFO.pptx
GDSC INFO.pptx
AshishChanchal136 views
Doorsvision-The-Future-of-Smart-Communities gama adj.pdfDoorsvision-The-Future-of-Smart-Communities gama adj.pdf
Doorsvision-The-Future-of-Smart-Communities gama adj.pdf
Mustafa Kuğu84 views
Daily Scrum, Sprint Review & Retrospective.pptxDaily Scrum, Sprint Review & Retrospective.pptx
Daily Scrum, Sprint Review & Retrospective.pptx
Md. Rakib Trofder90 views
Diogo Monteiro- KAMK Certificate - Demola Global Project 2023.pdfDiogo Monteiro- KAMK Certificate - Demola Global Project 2023.pdf
Diogo Monteiro- KAMK Certificate - Demola Global Project 2023.pdf
DiogoMonteiro78696022 views
GDSC23 - Info Session GDSC KIET (1).pptxGDSC23 - Info Session GDSC KIET (1).pptx
GDSC23 - Info Session GDSC KIET (1).pptx
SnehaAggarwal40119 views
AWS Toolkit.pptxAWS Toolkit.pptx
AWS Toolkit.pptx
Brandon Minnick, MBA54 views
GDSC_Info_Session_KITTiptur.pptxGDSC_Info_Session_KITTiptur.pptx
GDSC_Info_Session_KITTiptur.pptx
RadhikaNA38 views
INASLA_AI and Landscape Architecture.pptxINASLA_AI and Landscape Architecture.pptx
INASLA_AI and Landscape Architecture.pptx
Jonathon Geels66 views
What's Coming in CloudStack 4.19What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19
ShapeBlue122 views
CloudStack Object Storage Framework & DemoCloudStack Object Storage Framework & Demo
CloudStack Object Storage Framework & Demo
ShapeBlue109 views
What’s new in Kotlin 12-08-2023 Google IO Cairo 23What’s new in Kotlin 12-08-2023 Google IO Cairo 23
What’s new in Kotlin 12-08-2023 Google IO Cairo 23
Ahmed Nabil66 views
Mitigating Common CloudStack Instance Deployment FailuresMitigating Common CloudStack Instance Deployment Failures
Mitigating Common CloudStack Instance Deployment Failures
ShapeBlue109 views
Future of Virtual realityFuture of Virtual reality
Future of Virtual reality
mdpavel413 views
Deploying CloudStack with CephDeploying CloudStack with Ceph
Deploying CloudStack with Ceph
ShapeBlue108 views
NTGapps DTB Platform.pdfNTGapps DTB Platform.pdf
NTGapps DTB Platform.pdf
Mustafa Kuğu165 views
AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...
AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...
DianaGray1048 views

Owasp top 10 serverless

  1. OWASP Top 10 2017 Serverless
  2. ● ● IT ● SE ● ○ SE→ SE→ → SE ● ● ○
  3. OWASP Top 10
  4. OWASP Top 10 OWASP Serverless Top 10 ● ● OWASP Serverless Top 10 ● ●
  5. OWASP Top 10 (1) ● Web ● ● ○ OWASP ■ OWASP Proactive Controls ■ OWASP ASVS ■ OWASP Testing Guide ■ OWASP Cheat Sheet ■ OWASP Automated Threats ○ ■ CWE ■ NIST
  6. OWASP Top 10 (2) 1. A1:2017- 2. A2:2017- 3. A3:2017- 4. A4:2017-XML XXE 5. A5:2017- 6. A6:2017- 7. A7:2017- XSS 8. A8:2017- 9. A9:2017- 10. A10:2017-
  7. OWASP Top 10 (3) ● ○ X: Denial of Service (DoS) ○ X: Denial of Wallet (DoW) ○ X: Insecure Secret Management ○ X: Insecure Shared Space ○ X: Business Logic / Flow manipulation
  8. OWASP Top 10 FaaS AWS Lambda Google Cloud Functions
  9. A1:2017 ◆ ● ● Function ○ ○ ○ ○ ○ ◆ ● ●
  10. A1:2017 FaaS Function
  11. A2:2017 ◆ ● Function Function ● Faas ◆ ● API
  12. A2:2017 PullRequest SES Lambda
  13. A3:2017 ◆ ● Function ● FaaS Function ◆ ● ● ● /tmp
  14. A4:2017 XML ◆ ● VPC ● Function DoS ◆ ● XML XML
  15. A5:2017 ◆ ● FaaS Function root/admin ● Function ◆ ● Function
  16. A6:2017 ◆ ● FaaS ● Function ○ Function ○ ◆ ● ● … ○ github ○ ○ Function
  17. A7:2017 ◆ ● XSS ◆ ●
  18. A8:2017 ◆ ● Function ◆ ● ● ●
  19. A9:2017 ◆ ●
  20. A10:2017 ◆ ● FaaS ○ ○ ○ Function ○ ◆ ● ● FaaS
  21. ● ● ● FaaS