July 3, 2017

Layered Approach to Security, Serverless backends @ Toronto AWS Meetup

Serverless Backends w/AWS Lambda & API Gateway

Frank and Jay from Anomaly Innovations talked about their experiences with serverless APIs running on AWS Lambda. Check their site Serverless Stack for detailed tutorial on setting up AWS Lambda functions.

I wanted to compare this to Firebase Cloud Functions

AWS Layered Approach to Security

Nick Boccone from Engage talked about general application security stuff and made me feel OK to be be paranoid about everything.

4 tenets of security

  1. trust nothing and no one
  2. nothing is secure until you turn it off
  3. security is a tradeoff with usability
  4. embrace your paranoia

6 layers of security

  1. descope, limit, block
    • store less data so there is less to steal
    • do less work on a server or service so there is less surface area to attack
    • block access by default and use whitelists
  2. Know your touch points, the boundaries of your application/product
    • where does your application interact with other applications from other organizations?
    • where does your application interact with infrastructure from other applications?
    • where does you application interact with people vulnerable to social engineering
  3. didn’t write it down
    • something else about touchpoints?
  4. make access difficult
    • trade-off between usability and security e.g. 2 factor auth
  5. didn’t write it down
    • wish I wrote it down
  6. Keep up-to-date
    • keep software patched
    • policies need to be reviewed and updated when there is new information
    • training (you team and customers need to know about)
    • security landscape (OWASP, National vulnerability db, AWS security cheat sheet?)

Words I had to look up

Federated

Maybe it was this? Federated Architecture. A group of distinct services or databases working together

DMZ

demilitarized zone – exposing part of a network to the public (e.g. DNS, FTP, email sending/receiving), and hiding the rest behind a firewall (e.g. file storage, computing)

Also from chatting with people

https://www.meetup.com/Toronto-AWS-Users-United/events/238953929/