Serverless security: defense against the dark arts

Yan Cui
Yan CuiSpeaker at Self
Serverless Security defense against the dark arts
Yan Cui http://theburningmonk.com @theburningmonk AWS user for 10 years
http://bit.ly/yubl-serverless
Yan Cui http://theburningmonk.com @theburningmonk Developer Advocate @
Serverless security: defense against the dark arts
Yan Cui http://theburningmonk.com @theburningmonk Independent Consultant
Shared Responsibility Model
Shared Responsibility Model
protection from OS attacks Amazon automatically apply latest patches to host VMs
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
still have to patch your code vulnerable code, 3rd party dependencies, etc.
Serverless security: defense against the dark arts
https://snyk.io/blog/owasp-top-10-breaches
https://snyk.io/blog/owasp-top-10-breaches Known Vulnerable Components cause 24% of the top 50 data breaches
https://snyk.io/blog/77-percent-of-sites-use-vulnerable-js-libraries
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
http://bit.ly/2topw5I
use prepared statements
sanitise inputs & outputs (standardise and encapsulate into shared lib)
security is as much about what your function should do as well as what it shouldn’t do (protect against data exfiltration)
Serverless security: defense against the dark arts
http://bit.ly/2gSHtay Broken Access Control Insecure Direct Object Reference Information Leakage GraphQL Injection
http://bit.ly/2uKhGXF
Serverless security: defense against the dark arts
app dependencies is a attack surface BIGGER than you think
your dependencies
your dependencies transient dependencies
https://david-dm.org/request/request?view=tree
Serverless security: defense against the dark arts
https://snyk.io
security updates are often bundled with unrelated feature and API changes
your security is as strong as its weakest link
OS Application Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Networking runs on needs Source Code has maintains
OS Application Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Networking needs runs on this is where an attacker will target in a movie Source Code has maintains
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
OS Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Application A9 Networking runs on needs Source Code has maintains A1, A3, …
people are often the WEAKEST link in the security chain
Serverless security: defense against the dark arts
OS Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Application phishing… Networking runs on needs Source Code has maintains
OS Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Application brute force, known account leaks, … Networking runs on needs Source Code has maintains
OS Dependencies physical infrastructure NPM Authors Container runs in runs in runs in has hosted by published by pushes to Developers develops uses Users guardsprotects Application brute force, known account leaks, … Networking runs on needs Source Code has maintains
http://bit.ly/2sFDwYX …obtained publish access to 14% of npm packages…
http://bit.ly/2sFDwYX debug, request, react, co, express, moment, gulp, mongoose, mysql, bower, browserify, electron, jasmine, cheerio, modernizr, redux, …
http://bit.ly/2sFDwYX total downloads/month of the unique packages which I got myself publish access to was 1 972 421 945, that’s 20% of the total number of d/m directly.
20% of all monthly NPM downloads…
brute force known account leaks from other sources leaked NPM credentials (github, etc.)
http://bit.ly/2sFDwYX
http://bit.ly/2sFDwYX 662 users had password “123456” 172 — “123” 124 — “password”
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
WTF!?!?
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
oh god, that was too easy…
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
compromised package is a transient dependency sigh…
still “works”…
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
npmjs.com/~hacktask
Serverless security: defense against the dark arts
rm -rf /!!!
Serverless security: defense against the dark arts
NPM default - get latest “compatible” version, ie. 1.X.X
clean install (eg. on CI server) will download the latest, compromised package without any code change… NPM default - get latest “compatible” version, ie. 1.X.X
Serverless security: defense against the dark arts
use npm shrinkwrap or upgrade to NPM 5 or above
use `npm ci` in CI environment
not specific to Node.js or NPM
the attackers are in…
the attackers are in… what now?
Shared Responsibility Model
who can invoke the function?
what can the function access?
Least Privilege Principle
Serverless security: defense against the dark arts
everything here is trusted
Serverless security: defense against the dark arts
sensitive data
http://bit.ly/2zHvbcB
always public access is controlled via IAM
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
https://www.puresec.io/function-shield
Serverless security: defense against the dark arts
http://bit.ly/2lNInES
adds up to 10s to cold start!! http://bit.ly/2lNInES
Serverless security: defense against the dark arts
compromised servers allow attacker to access all of your sensitive data!
implement authentication and authorization for internal APIs
Serverless security: defense against the dark arts
use AWS_IAM authentication for internal APIs
Serverless security: defense against the dark arts
minimise function’s access
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
requires developer discipline
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
AWS Lambda docs Write your Lambda function code in a stateless style, and ensure there is no affinity between your code and the underlying compute infrastructure. http://amzn.to/2jzLmkb
S3 AWS IoT DynamoDB RDS EventStore Elasticsearch Couchbase Redshift Neo4j Google BigQuery
secure sensitive data both at rest and in-transit
leverage server-side encryption
http://amzn.to/1N3Twb8
http://amzn.to/1xF41eX
http://amzn.to/2tgvFR2
https://amzn.to/2DaXFwA
Least Privilege Principle
Disposability is a virtue
AWS Lambda docs Delete old Lambda functions that you are no longer using. http://amzn.to/2jzLmkb
easier said than done…
identifying component ownership in a big IT organization is challenging
identifying ownership of individual functions is much harder
tag every function with Team name
source: http://www.digitalattackmap.com
more likely to scale through DoS attacks
DoS + per exec billing = Denial of Wallet problem
configure WAF rules on API Gateway and CloudFront
review the default API Gateway throttling settings
Serverless security: defense against the dark arts
AWS Shield Advanced also gives you access to the AWS DDoS Response Team (DRT) and protection against DDoS related spikes in your ELB, CloudFront or Route 53 charges.
async sync S3 SNS SES CloudFormation CloudWatch Logs CloudWatch Events Scheduled Events CodeCommit AWS Config http://amzn.to/2vs2lIg Cognito Alexa Lex API Gateway pulling DynamoDB Stream Kinesis Stream SQS Lambda handles retries (twice, then DLQ)
http://bit.ly/2v7F2E4
DoS attack 2+ Retries+ ?
DoS attack Regex DoS attack long Lambda timeout 2+ Retries+ ?
Serverless security: defense against the dark arts
avoid (unnecessary) long timeouts
alert on error rate
Day 1
Day 2
Serverless security: defense against the dark arts
no long-lived compromised servers
containers are reused, avoid sensitive data in /tmp
https://www.puresec.io/function-shield
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
no accidentally exposed directories
Serverless security: defense against the dark arts
cryptojacking
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
http://bit.ly/2tlGTbc
monitor activities in unused regions using CloudWatch Events
Serverless security: defense against the dark arts
set up billing alarms in unused regions
watertight compartments that can contain water in the case of hull breach or other leaks
Michael Nygard
least privilege principle
per function policies
account level isolation
Recap
app dependencies is a attack surface BIGGER than you think
Serverless security: defense against the dark arts
sanitise inputs and outputs
Least Privilege Principle
here’s your per function policy NEXT!
S3 AWS IoT DynamoDB RDS EventStore Elasticsearch Couchbase Redshift Neo4j Google BigQuery encrypt data at rest
S3 AWS IoT DynamoDB RDS EventStore Elasticsearch Couchbase Redshift Neo4j Google BigQuery and in-transit
delete unused functions.
DoS DoW* * Denial of Wallet
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
Serverless security: defense against the dark arts
no server* no OS attacks no long lived compromised servers * I know I know, there’s still a server somewhere, but it’s managed and secured by AWS engineers who can do a much better job of it than most of us can; and the servers are ephemeral and short-lived
don’t be an unwilling bit miner
don’t be an unwilling bit miner safeguard your credentials…
prod dev compartmentalise breaches
people are often the WEAKEST link in the security chain
@theburningmonk theburningmonk.com github.com/theburningmonk
https://theburningmonk.com/hire-me AdviseTraining Delivery
1 of 182

Serverless security: defense against the dark arts

Download to read offline
Technology

AWS has taken over the responsibilities of patching the OS and securing the underlying physical infrastructure that runs your serverless application, so what’s left for you to secure? Quite a bit it turns out. The OWASP top 10 is as relevant to you as ever; DOS attacks are still a threat even if you can probably brute force your way through it as AWS auto-scales Lambda functions automatically; and did you know attackers can easily steal your AWS credentials via your application dependencies? In addition to the traditional threats, serverless applications have more granular deployment units and therefore there are more things to configure and secure, and the tools and practices are still catching up with this fast-changing world.

Yan Cui
Yan CuiSpeaker at Self

Recommended

Security in serverless world by
Security in serverless worldSecurity in serverless world
Security in serverless worldYan Cui
1.5K views172 slides
Building a social network in under 4 weeks with Serverless and GraphQL by
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLYan Cui
1.1K views153 slides
AWS security - NULL meet chennai by
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennaivinoth kumar
1.2K views15 slides
DevOps, Microservices and Serverless Architecture by
DevOps, Microservices and Serverless ArchitectureDevOps, Microservices and Serverless Architecture
DevOps, Microservices and Serverless ArchitectureMikhail Prudnikov
721 views41 slides
Deep Dive on Elastic Load Balancing by
Deep Dive on Elastic Load BalancingDeep Dive on Elastic Load Balancing
Deep Dive on Elastic Load BalancingAmazon Web Services
1.8K views63 slides
DevOps On AWS - Deep Dive on Continuous Delivery by
DevOps On AWS - Deep Dive on Continuous DeliveryDevOps On AWS - Deep Dive on Continuous Delivery
DevOps On AWS - Deep Dive on Continuous DeliveryMikhail Prudnikov
251 views57 slides

More Related Content

What's hot

AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr... by
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...Amazon Web Services
1.1K views52 slides
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs by
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIsAmazon Web Services
17.1K views40 slides
(SEC202) Best Practices for Securely Leveraging the Cloud by
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the CloudAmazon Web Services
8.1K views19 slides
Serverless - minimizing the attack surface by
Serverless - minimizing the attack surfaceServerless - minimizing the attack surface
Serverless - minimizing the attack surfaceAvi Shulman
898 views35 slides
Working with microservices and Amazon ECS at Airtime by
Working with microservices and Amazon ECS at AirtimeWorking with microservices and Amazon ECS at Airtime
Working with microservices and Amazon ECS at AirtimeAmazon Web Services
1.2K views43 slides
Introduction to Docker on AWS by
Introduction to Docker on AWSIntroduction to Docker on AWS
Introduction to Docker on AWSAmazon Web Services
1.3K views64 slides

What's hot(20)

AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr... by Amazon Web Services
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr...
Amazon Web Services1.1K views
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs by Amazon Web Services
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
Amazon Web Services17.1K views
(SEC202) Best Practices for Securely Leveraging the Cloud by Amazon Web Services
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
Amazon Web Services8.1K views
Serverless - minimizing the attack surface by Avi Shulman
Serverless - minimizing the attack surfaceServerless - minimizing the attack surface
Serverless - minimizing the attack surface
Avi Shulman898 views
Working with microservices and Amazon ECS at Airtime by Amazon Web Services
Working with microservices and Amazon ECS at AirtimeWorking with microservices and Amazon ECS at Airtime
Working with microservices and Amazon ECS at Airtime
Amazon Web Services1.2K views
Introduction to Docker on AWS by Amazon Web Services
Introduction to Docker on AWSIntroduction to Docker on AWS
Introduction to Docker on AWS
Amazon Web Services1.3K views
Event-Driven Serverless Apps - Pop-up Loft Tel Aviv by Amazon Web Services
Event-Driven Serverless Apps - Pop-up Loft Tel AvivEvent-Driven Serverless Apps - Pop-up Loft Tel Aviv
Event-Driven Serverless Apps - Pop-up Loft Tel Aviv
Amazon Web Services701 views
AWS re:Invent 2016: Deep Dive: Building and Delivering Mobile Apps for the En... by Amazon Web Services
AWS re:Invent 2016: Deep Dive: Building and Delivering Mobile Apps for the En...AWS re:Invent 2016: Deep Dive: Building and Delivering Mobile Apps for the En...
AWS re:Invent 2016: Deep Dive: Building and Delivering Mobile Apps for the En...
Amazon Web Services1.1K views
Containers for Non-Developers by Amazon Web Services
Containers for Non-DevelopersContainers for Non-Developers
Containers for Non-Developers
Amazon Web Services859 views
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles... by Amazon Web Services
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...
Amazon Web Services1.6K views
A Tale of Two Pizzas: Developer Tools at AWS - DevDay Los Angeles 2017 by Amazon Web Services
A Tale of Two Pizzas: Developer Tools at AWS - DevDay Los Angeles 2017A Tale of Two Pizzas: Developer Tools at AWS - DevDay Los Angeles 2017
A Tale of Two Pizzas: Developer Tools at AWS - DevDay Los Angeles 2017
Amazon Web Services322 views
Deep Dive on Microservices and Amazon ECS by Amazon Web Services
Deep Dive on Microservices and Amazon ECSDeep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECS
Amazon Web Services931 views
DevOps in Amazon.com by Amazon Web Services
DevOps in Amazon.com DevOps in Amazon.com
DevOps in Amazon.com
Amazon Web Services1.4K views
API310 - How to refactor a monolith to serverless in 8 steps by Yan Cui
API310 - How to refactor a monolith to serverless in 8 stepsAPI310 - How to refactor a monolith to serverless in 8 steps
API310 - How to refactor a monolith to serverless in 8 steps
Yan Cui464 views
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity by Amazon Web Services
Creating Your Virtual Data Center: VPC Fundamentals and ConnectivityCreating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
Amazon Web Services605 views
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017 by Amazon Web Services
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Amazon Web Services574 views
DevOps at Amazon: A Look at Our Tools and Processes by Amazon Web Services
DevOps at Amazon: A Look at Our Tools and Processes DevOps at Amazon: A Look at Our Tools and Processes
DevOps at Amazon: A Look at Our Tools and Processes
Amazon Web Services5.9K views
網路安全自動化 - 縮短應用維安的作業時間 by Amazon Web Services
網路安全自動化 - 縮短應用維安的作業時間網路安全自動化 - 縮短應用維安的作業時間
網路安全自動化 - 縮短應用維安的作業時間
Amazon Web Services833 views
Serverless use cases with AWS Lambda - More Serverless Event by Boaz Ziniman
Serverless use cases with AWS Lambda - More Serverless EventServerless use cases with AWS Lambda - More Serverless Event
Serverless use cases with AWS Lambda - More Serverless Event
Boaz Ziniman481 views
Stephen Liedig: Building Serverless Backends with AWS Lambda and API Gateway by Steve Androulakis
Stephen Liedig: Building Serverless Backends with AWS Lambda and API GatewayStephen Liedig: Building Serverless Backends with AWS Lambda and API Gateway
Stephen Liedig: Building Serverless Backends with AWS Lambda and API Gateway
Steve Androulakis683 views

Similar to Serverless security: defense against the dark arts

DevSecCon London 2018: Security in the serverless world by
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon
298 views172 slides
Security in serverless world by
Security in serverless worldSecurity in serverless world
Security in serverless worldYan Cui
1.4K views171 slides
Serverless security: defence against the dark arts by
Serverless security: defence against the dark artsServerless security: defence against the dark arts
Serverless security: defence against the dark artsYan Cui
876 views180 slides
Security in serverless world (get.net) by
Security in serverless world (get.net)Security in serverless world (get.net)
Security in serverless world (get.net)Yan Cui
1.7K views179 slides
Security in Serverless world by
Security in Serverless worldSecurity in Serverless world
Security in Serverless worldYan Cui
784 views158 slides
Security in serverless world by
Security in serverless worldSecurity in serverless world
Security in serverless worldYan Cui
3.5K views154 slides

Similar to Serverless security: defense against the dark arts(20)

DevSecCon London 2018: Security in the serverless world by DevSecCon
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless world
DevSecCon298 views
Security in serverless world by Yan Cui
Security in serverless worldSecurity in serverless world
Security in serverless world
Yan Cui1.4K views
Serverless security: defence against the dark arts by Yan Cui
Serverless security: defence against the dark artsServerless security: defence against the dark arts
Serverless security: defence against the dark arts
Yan Cui876 views
Security in serverless world (get.net) by Yan Cui
Security in serverless world (get.net)Security in serverless world (get.net)
Security in serverless world (get.net)
Yan Cui1.7K views
Security in Serverless world by Yan Cui
Security in Serverless worldSecurity in Serverless world
Security in Serverless world
Yan Cui784 views
Security in serverless world by Yan Cui
Security in serverless worldSecurity in serverless world
Security in serverless world
Yan Cui3.5K views
Serverless Security: Defence Against the Dark Arts by Yan Cui
Serverless Security: Defence Against the Dark ArtsServerless Security: Defence Against the Dark Arts
Serverless Security: Defence Against the Dark Arts
Yan Cui291 views
Continuous Security: From tins to containers - now what! by Michael Man
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!
Michael Man463 views
Container security by Anthony Chow
Container securityContainer security
Container security
Anthony Chow225 views
Continuous Integration: SaaS vs Jenkins in Cloud by Ideato
Continuous Integration: SaaS vs Jenkins in CloudContinuous Integration: SaaS vs Jenkins in Cloud
Continuous Integration: SaaS vs Jenkins in Cloud
Ideato12.1K views
Digital Forensics and Incident Response in The Cloud Part 3 by Velocidex Enterprises
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
Velocidex Enterprises813 views
Docker - Demo on PHP Application deployment by Arun prasath
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
Arun prasath13.4K views
Docker Security workshop slides by Docker, Inc.
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
Docker, Inc.5.3K views
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf by Gabriel Mathenge
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
Gabriel Mathenge212 views
Scaleable PHP Applications in Kubernetes by Robert Lemke
Scaleable PHP Applications in KubernetesScaleable PHP Applications in Kubernetes
Scaleable PHP Applications in Kubernetes
Robert Lemke52 views
Europe Cloud Summit - Security hardening of public cloud services by Runcy Oommen
Europe Cloud Summit - Security hardening of public cloud servicesEurope Cloud Summit - Security hardening of public cloud services
Europe Cloud Summit - Security hardening of public cloud services
Runcy Oommen287 views
Stups.io - an Open Source Cloud Framework for AWS by Jan Löffler
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWS
Jan Löffler1.2K views
Drupalcamp es 2013 drupal with lxc docker and vagrant by Ricardo Amaro
Drupalcamp es 2013 drupal with lxc docker and vagrant Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant
Ricardo Amaro3.8K views
Containerizing your Security Operations Center by Jimmy Mesta
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
Jimmy Mesta985 views
There is No Server: Immutable Infrastructure and Serverless Architecture by Sonatype
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless Architecture
Sonatype 1.1K views

More from Yan Cui

How to win the game of trade-offs by
How to win the game of trade-offsHow to win the game of trade-offs
How to win the game of trade-offsYan Cui
21 views84 slides
How to choose the right messaging service by
How to choose the right messaging serviceHow to choose the right messaging service
How to choose the right messaging serviceYan Cui
135 views118 slides
How to choose the right messaging service for your workload by
How to choose the right messaging service for your workloadHow to choose the right messaging service for your workload
How to choose the right messaging service for your workloadYan Cui
65 views113 slides
Patterns and practices for building resilient serverless applications.pdf by
Patterns and practices for building resilient serverless applications.pdfPatterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdfYan Cui
170 views137 slides
Lambda and DynamoDB best practices by
Lambda and DynamoDB best practicesLambda and DynamoDB best practices
Lambda and DynamoDB best practicesYan Cui
817 views148 slides
Lessons from running AppSync in prod by
Lessons from running AppSync in prodLessons from running AppSync in prod
Lessons from running AppSync in prodYan Cui
1.1K views102 slides

More from Yan Cui(20)

How to win the game of trade-offs by Yan Cui
How to win the game of trade-offsHow to win the game of trade-offs
How to win the game of trade-offs
Yan Cui21 views
How to choose the right messaging service by Yan Cui
How to choose the right messaging serviceHow to choose the right messaging service
How to choose the right messaging service
Yan Cui135 views
How to choose the right messaging service for your workload by Yan Cui
How to choose the right messaging service for your workloadHow to choose the right messaging service for your workload
How to choose the right messaging service for your workload
Yan Cui65 views
Patterns and practices for building resilient serverless applications.pdf by Yan Cui
Patterns and practices for building resilient serverless applications.pdfPatterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdf
Yan Cui170 views
Lambda and DynamoDB best practices by Yan Cui
Lambda and DynamoDB best practicesLambda and DynamoDB best practices
Lambda and DynamoDB best practices
Yan Cui817 views
Lessons from running AppSync in prod by Yan Cui
Lessons from running AppSync in prodLessons from running AppSync in prod
Lessons from running AppSync in prod
Yan Cui1.1K views
Serverless observability - a hero's perspective by Yan Cui
Serverless observability - a hero's perspectiveServerless observability - a hero's perspective
Serverless observability - a hero's perspective
Yan Cui385 views
How to ship customer value faster with step functions by Yan Cui
How to ship customer value faster with step functionsHow to ship customer value faster with step functions
How to ship customer value faster with step functions
Yan Cui652 views
How serverless changes the cost paradigm by Yan Cui
How serverless changes the cost paradigmHow serverless changes the cost paradigm
How serverless changes the cost paradigm
Yan Cui1.1K views
Why your next serverless project should use AWS AppSync by Yan Cui
Why your next serverless project should use AWS AppSyncWhy your next serverless project should use AWS AppSync
Why your next serverless project should use AWS AppSync
Yan Cui1.3K views
Build social network in 4 weeks by Yan Cui
Build social network in 4 weeksBuild social network in 4 weeks
Build social network in 4 weeks
Yan Cui642 views
Patterns and practices for building resilient serverless applications by Yan Cui
Patterns and practices for building resilient serverless applicationsPatterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applications
Yan Cui393 views
How to bring chaos engineering to serverless by Yan Cui
How to bring chaos engineering to serverlessHow to bring chaos engineering to serverless
How to bring chaos engineering to serverless
Yan Cui456 views
Migrating existing monolith to serverless in 8 steps by Yan Cui
Migrating existing monolith to serverless in 8 stepsMigrating existing monolith to serverless in 8 steps
Migrating existing monolith to serverless in 8 steps
Yan Cui402 views
Building a social network in under 4 weeks with Serverless and GraphQL by Yan Cui
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQL
Yan Cui289 views
FinDev as a business advantage in the post covid19 economy by Yan Cui
FinDev as a business advantage in the post covid19 economyFinDev as a business advantage in the post covid19 economy
FinDev as a business advantage in the post covid19 economy
Yan Cui546 views
How to improve lambda cold starts by Yan Cui
How to improve lambda cold startsHow to improve lambda cold starts
How to improve lambda cold starts
Yan Cui867 views
What can you do with lambda in 2020 by Yan Cui
What can you do with lambda in 2020What can you do with lambda in 2020
What can you do with lambda in 2020
Yan Cui1K views
A chaos experiment a day, keeping the outage away by Yan Cui
A chaos experiment a day, keeping the outage awayA chaos experiment a day, keeping the outage away
A chaos experiment a day, keeping the outage away
Yan Cui385 views
How to debug slow lambda response times by Yan Cui
How to debug slow lambda response timesHow to debug slow lambda response times
How to debug slow lambda response times
Yan Cui317 views

Recently uploaded

Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT by
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBITUpdates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBITShapeBlue
208 views8 slides
Why and How CloudStack at weSystems - Stephan Bienek - weSystems by
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsWhy and How CloudStack at weSystems - Stephan Bienek - weSystems
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsShapeBlue
247 views13 slides
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ... by
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...ShapeBlue
171 views28 slides
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue by
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlueShapeBlue
152 views23 slides
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...ShapeBlue
129 views10 slides
Evaluation of Quality of Experience of ABR Schemes in Gaming Stream by
Evaluation of Quality of Experience of ABR Schemes in Gaming StreamEvaluation of Quality of Experience of ABR Schemes in Gaming Stream
Evaluation of Quality of Experience of ABR Schemes in Gaming StreamAlpen-Adria-Universität
38 views34 slides

Recently uploaded(20)

Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT by ShapeBlue
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBITUpdates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
ShapeBlue208 views
Why and How CloudStack at weSystems - Stephan Bienek - weSystems by ShapeBlue
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsWhy and How CloudStack at weSystems - Stephan Bienek - weSystems
Why and How CloudStack at weSystems - Stephan Bienek - weSystems
ShapeBlue247 views
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ... by ShapeBlue
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
ShapeBlue171 views
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue by ShapeBlue
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue
ShapeBlue152 views
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by ShapeBlue
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
ShapeBlue129 views
Evaluation of Quality of Experience of ABR Schemes in Gaming Stream by Alpen-Adria-Universität
Evaluation of Quality of Experience of ABR Schemes in Gaming StreamEvaluation of Quality of Experience of ABR Schemes in Gaming Stream
Evaluation of Quality of Experience of ABR Schemes in Gaming Stream
Alpen-Adria-Universität38 views
Business Analyst Series 2023 - Week 4 Session 7 by DianaGray10
Business Analyst Series 2023 - Week 4 Session 7Business Analyst Series 2023 - Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7
DianaGray10146 views
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And... by ShapeBlue
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
ShapeBlue108 views
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue by ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlueVNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
ShapeBlue207 views
Ransomware is Knocking your Door_Final.pdf by Security Bootcamp
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
Security Bootcamp98 views
"Running students' code in isolation. The hard way", Yurii Holiuk by Fwdays
"Running students' code in isolation. The hard way", Yurii Holiuk "Running students' code in isolation. The hard way", Yurii Holiuk
"Running students' code in isolation. The hard way", Yurii Holiuk
Fwdays36 views
Cencora Executive Symposium by marketingcommunicati21
Cencora Executive SymposiumCencora Executive Symposium
Cencora Executive Symposium
marketingcommunicati21160 views
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or... by ShapeBlue
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
ShapeBlue199 views
Optimizing Communication to Optimize Human Behavior - LCBM by Yaman Kumar
Optimizing Communication to Optimize Human Behavior - LCBMOptimizing Communication to Optimize Human Behavior - LCBM
Optimizing Communication to Optimize Human Behavior - LCBM
Yaman Kumar38 views
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online by ShapeBlue
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
ShapeBlue225 views
MVP and prioritization.pdf by rahuldharwal141
MVP and prioritization.pdfMVP and prioritization.pdf
MVP and prioritization.pdf
rahuldharwal14139 views
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue by ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
ShapeBlue224 views
NTGapps NTG LowCode Platform by Mustafa Kuğu
NTGapps NTG LowCode Platform NTGapps NTG LowCode Platform
NTGapps NTG LowCode Platform
Mustafa Kuğu437 views
The Power of Generative AI in Accelerating No Code Adoption.pdf by Saeed Al Dhaheri
The Power of Generative AI in Accelerating No Code Adoption.pdfThe Power of Generative AI in Accelerating No Code Adoption.pdf
The Power of Generative AI in Accelerating No Code Adoption.pdf
Saeed Al Dhaheri39 views
The Power of Heat Decarbonisation Plans in the Built Environment by IES VE
The Power of Heat Decarbonisation Plans in the Built EnvironmentThe Power of Heat Decarbonisation Plans in the Built Environment
The Power of Heat Decarbonisation Plans in the Built Environment
IES VE84 views

Serverless security: defense against the dark arts