
OWASP Top 10 Serverless


OWASP Nagoya Chapter 9
Presentation slides, 2019/2/8



Slide outline (the Japanese body text of the slides did not survive extraction; only slide titles and keyword fragments remain):

  1. OWASP Top 10 2017 Serverless (title slide)
  2. Speaker introduction (only the fragments "IT", "SE" and a career path "SE → SE → → SE" survived)
  3. OWASP Top 10
  4. OWASP Top 10 and the OWASP Serverless Top 10 (how the two projects relate)
  5. OWASP Top 10 (1): the Web application awareness document and the related OWASP projects: OWASP Proactive Controls, OWASP ASVS, OWASP Testing Guide, OWASP Cheat Sheet, OWASP Automated Threats; external references: CWE, NIST
  6. OWASP Top 10 (2): the 2017 categories
       1. A1:2017 Injection
       2. A2:2017 Broken Authentication
       3. A3:2017 Sensitive Data Exposure
       4. A4:2017 XML External Entities (XXE)
       5. A5:2017 Broken Access Control
       6. A6:2017 Security Misconfiguration
       7. A7:2017 Cross-Site Scripting (XSS)
       8. A8:2017 Insecure Deserialization
       9. A9:2017 Using Components with Known Vulnerabilities
       10. A10:2017 Insufficient Logging & Monitoring
  7. OWASP Top 10 (3): serverless-specific risks proposed in addition to the 2017 categories: X: Denial of Service (DoS); X: Denial of Wallet (DoW); X: Insecure Secret Management; X: Insecure Shared Space; X: Business Logic / Flow manipulation
  8. OWASP Top 10 applied to FaaS: AWS Lambda, Google Cloud Functions
  9. A1:2017 Injection in FaaS (recovered keyword: Function)
  10. A1:2017 Injection, FaaS function example (recovered keywords: FaaS, Function)
  11. A2:2017 Broken Authentication (recovered keywords: Function-to-Function, FaaS, API)
  12. A2:2017 example (recovered keywords: PullRequest, SES, Lambda)
  13. A3:2017 Sensitive Data Exposure (recovered keywords: Function, FaaS, /tmp)
  14. A4:2017 XML External Entities (XXE) (recovered keywords: VPC, Function, DoS, XML)
  15. A5:2017 Broken Access Control (recovered keywords: FaaS, Function running as root/admin)
  16. A6:2017 Security Misconfiguration (recovered keywords: FaaS, Function, github)
  17. A7:2017 Cross-Site Scripting (XSS)
  18. A8:2017 Insecure Deserialization (recovered keyword: Function)
  19. A9:2017 Using Components with Known Vulnerabilities
  20. A10:2017 Insufficient Logging & Monitoring (recovered keywords: FaaS, Function)
  21. Summary (recovered keyword: FaaS)
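Slides 9 and 10 cover A1:2017 Injection in a FaaS function, where the untrusted input is the event payload rather than an HTTP parameter. The following is an added example, not code from the slides or from OWASP: a Lambda-style handler that interpolates an S3 object key into a shell command, beside a version that allow-lists the key and passes it as a single argv element. The event shape (`Records[0].s3.object.key`) and the `echo` work step are assumptions made for the example.

```python
import re
import subprocess


def s3_put_event(key):
    """Constructed event in the shape of an S3 object-created notification.
    The shape is assumed for this example; it is not taken from the slides."""
    return {"Records": [{"s3": {"object": {"key": key}}}]}


def object_key(event):
    return event["Records"][0]["s3"]["object"]["key"]


def injectable_handler(event, context=None):
    """A1 in FaaS: the attacker-chosen object key is interpolated into a shell
    command line, so ';', '|', '$()' and friends in the key run under /bin/sh."""
    cmd = f"echo converting {object_key(event)}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


# Allow-list for object keys this function is willing to process (assumed policy).
SAFE_KEY = re.compile(r"[A-Za-z0-9._/-]{1,1024}")


def key_is_accepted(key):
    return SAFE_KEY.fullmatch(key) is not None


def safe_handler(event, context=None):
    """Same task with two controls: reject keys outside the allow-list, and
    run the tool with an argument list (no shell), so the key can only ever be
    one argv element, never additional commands."""
    key = object_key(event)
    if not key_is_accepted(key):
        raise ValueError("rejected object key")
    out = subprocess.run(["echo", "converting", key], capture_output=True, text=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    hostile = s3_put_event("report.csv; echo INJECTED")
    print("vulnerable:", injectable_handler(hostile))
    print("hardened  :", safe_handler(s3_put_event("report.csv")))
```

An attacker only needs to be able to upload an object with a crafted name for the first handler to execute their command inside the function's execution role; the argv form alone already stops the injection, and the allow-list additionally keeps odd keys out of downstream tools.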
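Slide 13 lists /tmp under A3:2017 Sensitive Data Exposure: a FaaS execution environment is reused for later invocations, and files written to /tmp survive with it. The following is an added example, not code from the slides: a handler that leaves caller data in a fixed /tmp path, beside one that uses a per-invocation unique file removed in `finally`. The `Container` class and its `tmp_dir` are a stand-in for a warm execution environment so the example runs anywhere; the event fields `tenant` and `payload` are assumptions.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass
class Container:
    """Stand-in for one warm FaaS execution environment (assumption for this
    example). On AWS Lambda the environment, including /tmp, is reused by later
    invocations that land on it; tmp_dir plays the role of /tmp here."""
    tmp_dir: str


def leaky_handler(event, container):
    """A3 in FaaS: the caller's data is written under /tmp with a fixed name and
    never removed, so the next invocation on this environment, possibly for a
    different user or tenant, can still read it."""
    path = os.path.join(container.tmp_dir, "upload.dat")
    with open(path, "w") as f:
        f.write(event["payload"])
    # ... process the file ...
    return {"tenant": event["tenant"], "bytes": len(event["payload"])}


def clean_handler(event, container):
    """Same task: a unique per-invocation file (mkstemp creates it with mode
    0600) and unconditional removal, so nothing survives the invocation even
    when processing raises."""
    fd, path = tempfile.mkstemp(dir=container.tmp_dir, prefix="upload-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(event["payload"])
        # ... process the file ...
        return {"tenant": event["tenant"], "bytes": len(event["payload"])}
    finally:
        os.remove(path)


def run_warm(handler, events):
    """Run several invocations on one container, then return whatever a later
    invocation could read from that container's /tmp (name -> contents)."""
    container = Container(tempfile.mkdtemp(prefix="faas-env-"))
    for event in events:
        handler(event, container)
    leftovers = {}
    for name in sorted(os.listdir(container.tmp_dir)):
        with open(os.path.join(container.tmp_dir, name)) as f:
            leftovers[name] = f.read()
    return leftovers


if __name__ == "__main__":
    evt = {"tenant": "a", "payload": "card=4111111111111111"}  # constructed input
    print("leaky :", run_warm(leaky_handler, [evt]))
    print("clean :", run_warm(clean_handler, [evt]))
```

The cleanup in `finally` covers exceptions but not a hard kill of the process, so a function that must handle sensitive data should also treat /tmp as untrusted at start-up (wipe or ignore whatever is there) and keep secrets out of disk altogether where it can.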
