Serverless Security on AWS

1-day workshop that covers everything you need to consider when it comes to securing your serverless application.

Curriculum

  • Lambda function security
    • IAM best practices
    • Secret management
    • Function configuration best practices
    • Ingress and egress validation
    • Monitoring/logging
  • CI pipeline security
    • Securing deployer role for same & cross-account deployments
    • Scanning app dependencies for vulnerabilities
  • API security
    • Authentication and authorization
    • Networking
    • WAF
    • Throttling
    • Monitoring
  • Network security
    • VPC
    • Security Group
    • Network ACL
    • AWS Shield
  • Data security
    • Server-side encryption
    • RDS
  • General AWS security
    • Account organization (feat. AWS Organizations and Control Tower)
    • Protecting against credential leaks
    • Monitoring suspicious activities
    • DevSecOps automation with Lambda
    • Overview of SecurityHub, TrustedAdvisor, Macie, etc.

Booking