Tal Melamed, Speaker

With more than 15 years' experience in Application and Serverless Security, Tal recently co-founded CloudEssence, a cloud-native Application Security company that was acquired by Contrast Security in 2020, where he now leads the new innovation centre. Prior to CloudEssence, Tal headed security research at Protego Labs, a Serverless security startup that was acquired by Check Point. Tal is committed to evangelising serverless and application security to the community by training hundreds of developers and security teams around the world, serving as an AWS Community Builder, and teaching in the cybersecurity master's program at Quinnipiac University.
  • Serverless Security Testing

    Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed to the cloud provider. This frees up developers to concentrate on building logic and producing value quickly. But cloud functions still execute code. If the software is written poorly, it can lead to a cloud disaster. While serverless code contains a mixture of cloud configurations and application programming interface (API) calls, legacy security solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times. This means that security teams struggle to keep up with the speed of development, and security is left behind.

    Fortunately, it does not have to be this way. Organizations can leverage robust security during serverless development, automatically—if done properly. In this talk, we will discuss common risks in serverless environments. We will then cover existing testing methodologies and why they do not work well for serverless. Finally, we will present a new, completely frictionless way of testing serverless applications automatically—with no scripts, no tests, and no delays.

    14:45/15:30, 06 Nov 2021