Boston Chapter

Join CSA Boston Chapter on January 12th @ 6pm EST for our next virtual event. Please RSVP on Meetup for the URL once posted.

Cloud-Native Security Testing, Forget Everything You Knew!

When adopting cloud-native technology, we eliminate the need to manage a server for our application. By doing so, we also pass some of the security threats to the cloud provider. However, cloud functions still execute code. If written poorly, it can lead to a cloud disaster.

Our code, our responsibility, right? Yes, we can always scan for CVEs, check, and move on. But what about our own code? We need to make sure we test it as well. But how can we do that with old, traditional testing tools that not only give very limited coverage but also slow us down to the point where we are better off without them.

Guess what? It doesn't have to be this way. In this talk, we will discuss common risks in cloud-native environments, emphasizing the relatively new, Serverless architecture. We will then cover existing testing methodologies and why they don't work well for us in such environments. Finally, I will present a new, completely frictionless way of testing your cloud-native applications, no scripts, no tests, no delays.

Speaker: Tal Melamed (LinkedIn Profile)

Tal recently joined Contrast Security to head the Cloud Native research as part of Contrast's new innovation center in Israel, after his company's acquisition. Previous to cloudessence, he was head of security research at Protego Labs, a Serverless security startup that was acquired by Check Point. Tal has over 15 years of experience in security research and engineering and his credibility has provided him with opportunities to speak at prestigious venues including BlackHat, Defcon, Derbycon, and more. As part of his agenda of bringing security to the community, he had trained hundreds of developers and ethical hackers around the world, and he now teaches at the cybersecurity master's program at Quinnipiac University. Tal is also an active member of the OWASP and AWS communities, where he leads several Open-Source projects, among them OWASP Serverless Top 10 and DVSA.

------------------------------
Daniel Nelson
CISO
TraceLink
------------------------------

Recording and slides for this event are available at the below links.

• Video: https://drive.google.com/file/d/1WSY7zsSoEqZi8rKdAr7xC_-MYcTnTRWa/view?usp=sharing
• Slides: https://drive.google.com/file/d/14ogpXc-kpZ7bAyv9vZ7J-oby47bJryA4/view?usp=sharing

------------------------------
Daniel Nelson
CISO
TraceLink
------------------------------

Original Message:
Sent: Dec 21, 2020 02:29:07 PM
From: Daniel Nelson
Subject: CSA Boston Event: Cloud-Native Security Testing, Forget Everything You Knew!

Join CSA Boston Chapter on January 12th @ 6pm EST for our next virtual event. Please RSVP on Meetup for the URL once posted.

Cloud-Native Security Testing, Forget Everything You Knew!

When adopting cloud-native technology, we eliminate the need to manage a server for our application. By doing so, we also pass some of the security threats to the cloud provider. However, cloud functions still execute code. If written poorly, it can lead to a cloud disaster.

Our code, our responsibility, right? Yes, we can always scan for CVEs, check, and move on. But what about our own code? We need to make sure we test it as well. But how can we do that with old, traditional testing tools that not only give very limited coverage but also slow us down to the point where we are better off without them.

Guess what? It doesn't have to be this way. In this talk, we will discuss common risks in cloud-native environments, emphasizing the relatively new, Serverless architecture. We will then cover existing testing methodologies and why they don't work well for us in such environments. Finally, I will present a new, completely frictionless way of testing your cloud-native applications, no scripts, no tests, no delays.

Speaker: Tal Melamed (LinkedIn Profile)

Tal recently joined Contrast Security to head the Cloud Native research as part of Contrast's new innovation center in Israel, after his company's acquisition. Previous to cloudessence, he was head of security research at Protego Labs, a Serverless security startup that was acquired by Check Point. Tal has over 15 years of experience in security research and engineering and his credibility has provided him with opportunities to speak at prestigious venues including BlackHat, Defcon, Derbycon, and more. As part of his agenda of bringing security to the community, he had trained hundreds of developers and ethical hackers around the world, and he now teaches at the cybersecurity master's program at Quinnipiac University. Tal is also an active member of the OWASP and AWS communities, where he leads several Open-Source projects, among them OWASP Serverless Top 10 and DVSA.

------------------------------
Daniel Nelson
CISO
TraceLink
------------------------------