BSidesNYC 2023 - Hacking Serverless Applications: A Treasure Map for Uncharted Waters - Matteo Rosi

Serverless technology eliminates the need for development teams to provision servers, passing the responsibility for some security threats to the cloud provider and freeing-up developers to concentrate on building logic and producing value quickly. But even without servers, serverless functions still execute code, which can lead to a cloud disaster, if not done right.

In this talk, we will discuss common risks and challenges in serverless environments. I will introduce techniques used by attackers to exploit Serverless apps in unconventional ways. I will also demonstrate exploits of recently discovered CVE, targeting cloud functions.