Serverless security modeling in Firebase

Using secure design principles as our guide, we cover the default security of Firebase services and what developers need to do to configure and secure their applications. Walking through a simple serverless application built with Firebase backend products, we discuss different security threats, from malicious actors to user error. As we go, we build a checklist that you can use to audit your own app's security and protect yourself and your users.

00:00 Intro
02:39 Open source SDKs
03:35 DOS protection
06:39 API key management
08:11 Security Rules
12:23 Firebase Authentication
14:54 Anonymous Authentication
16:12 Limiting Team Access
17:27 Open source dependencies
18:58 Function Safety
20:34 Wrap up

Speakers: Jon Skrip, Rachel Myers

Event: Firebase Summit 2020. Product: Firebase - General.
Comments

Why should we not put sensitive information in a function's environment variables? 19:20

bosung

You mentioned API key scoping. I can't find documents for this. Where can I learn how to do this? Thank you!

somevideos

I have spent hours scouring the entire Firebase channel for a Firebase video in which there is a precious sequence diagram that illustrates the Firebase OAuth Authentication flow, but I still cannot find it 😢 (Rachel Myers is also in this video). If anyone knows the Firebase video I'm looking for, please give me the link; I would be very grateful 🥺

sonxuannguyen

How do I limit the instance count of a Firebase function? It looks like there is a --max-instances option in the gcloud command, but I use firebase deploy to deploy my functions. It doesn't seem to have a --max-instances option.

lahiruchandima

It would be great if the Firebase team also provided a dedicated video about this separation of privilege at 16:26.

agung_laksana

Could you go over the quotas, especially for functions? In the Google console it seems like most quotas are deprecated, and then in a separate section, when we edit a function, we can change the runtime settings and the maximum instances. If a function returns helloworld, would 10 instances allow 10 people to hit that endpoint at one moment in time... I have one function that has scaled to 2500 instances... not sure if that's my bad coding or if it is that many requests at once...

matthewbeardsley