Now we learn from the one and only @orysegal about Serverless Security.
Get ready @NMoutschen @mavi888uy @rchrdbyd and @jbesw
#serverlessSthlm
He starts by reminding everyone about the Shared Responsibility Model, and how that differs when you adopt Serverless
#serverlessSthlm
Ory also reminds @jbesw and the audience that the focus moves from Infrastructure Security to Application Security.
He also stresses the point that this is not unique to Serverless per se but applies to any Application
#serverlessSthlm
Good call out for how Serverless allows you to be very granular with permissions as to what specific code can access - Something that wasn’t easy before.
However, it’s easy to overlook that in dev and not correct that before going to Prod
He’s now telling an engaging and funny story of how he won the Lambdashell.com bounty, and how hard that actually was despite literally having RCE — “Something that Security experts would love as it means game over for serverful environments”
Praying to the demo gods to help @orysegal kick ass in his AppSec demo using a Serverless HR CV system
Oh, hi John!
#serverlessSthlm
And everything worked!! Awesome demo and the bar keeps rising!!
However, the unexpected time the Chef does storytelling to introduce the lunch about to be served — Speechless!
And he’s KILLING IT on stage!!!