Download pdf
This talk will discuss new and previously unknown methods of enumerating and targeting an application's serverless attack surface and leveraging these techniques to gain privileged access to component services. Real-world examples taken from dozens of penetration tests and example code will be provided.

Learning Objectives:
1: Learn new attacker techniques which target subtle serverless component flaws.
2: Understand how advanced attackers can target and leverage these security vulnerabilities.
3: Find out how to lock down these applications against these advanced tactics.

High-level understanding of serverless application architecture and modern javascript-based web frameworks.