Hacking a Serverless Application: Demo

Published Sep 7, 2018

This demo shows how an attacker exploits a remote code execution (RCE) vulnerability in a serverless application and abuses over-privileged AWS IAM permissions on a DynamoDB table to exfiltrate sensitive data.

Main topics: hacking serverless, AWS Lambda and DynamoDB-based applications, serverless security, attacking a function-as-a-service architecture, insecure AWS IAM permissions, AWS Lambda security best practices.
