Research Reveals That 21% of Open Source Serverless Applications Have Critical Vulnerabilities
Did you know that more than one-in-five serverless applications contains critical security vulnerabilities? ...
Applying ROP Chaining Concepts to Serverless Functions
A couple of weeks ago, I gave a talk on serverless security at Check Point. After my talk, Ohad Bobrov (VP, Enterprise Mobility at Check Point) approached me, and mentioned that he sees some resemblance between the ROP chaining exploitation technique, and the “SAS-09” entry in the Serverless Top 10 ...
Securing Serverless – Blog Series – Episode 0x05 – When Developers Close a Door, They Always Open a Window
I’ve been waiting for a while now for the AWS folks to open AWS Serverless Application Repository to the general public. What could be more fun than getting access to even more serverless applications, seeing what people are up to, and finding even more ideas on what you can build ...
What Makes a Good Serverless Security Solution?
Having spent the last year and a half evangelizing serverless security and explaining how PureSec can help organizations with securing their serverless applications, it dawned on me that many people don’t have a clear understanding as to what really needs to be secured, and what is the problem we are ...
ReDoS Vulnerability in “AWS-Lambda-Multipart-Parser” Node Package
Summary: The Node package “aws-lambda-multipart-parser” was found to be vulnerable to a ReDoS (Regular-Expression Denial of Service) attack vector. This vulnerability enables a malicious user to cause each AWS Lambda function which uses it to stall until it times out. An attacker may send numerous concurrent malicious requests ...
Securing Serverless – Blog Series – Episode 0x04 – The Six Most Common Reactions to The Words “Serverless Security”
Having talked with many organizations about serverless security lately, I can pretty much classify the initial CISO reactions when I bring up the topic of “serverless security”: ...
