Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Friday, September 13 • 10:30am - 11:15am
A Purple Team View of Serverless and GraphQL Applications

The presentation will begin with a quick refresher on Serverless functions and GraphQL Applications. The author will deploy a serverless function with GraphQL to demonstrate.

The presentation, with demo, will also highlight some common attacks against serverless functions, namely:
* Function Data Event Injection
* Lateral Movement through Remote Code Execution on Function
* NoSQL Injection, specifically DynamoDB Injection
* ReDoS Attacks against Serverless functions, increasing transaction fee per serverless invoke to large values (e.g. $3 per request)

Subsequently, the author will demonstrate attacks against GraphQL Functions like:
* Authorization Bypass through Introspection
* Insecure Direct Object Reference Attacks
* NoSQL Injection Attacks
* Deserialization vulnerabilities

Finally, the presentation ends with the author demonstrating attacks against Serverless-GraphQL Applications, where the author will use Remote Code Execution and DoS-style queries to demonstrate specific attacks leading to cloud API-based lateral movement and DoS leading to financial exhaustion.

All the while, the author will highlight some key deficiencies, namely the lack of tooling and of “batteries-included” security frameworks, and the DIY validation that might exacerbate these flaws.

Abhay Bhargav

Founder, we45
Abhay Bhargav is the Founder of we45, a focused Application Security Company. Abhay is a builder and breaker of applications. He is the Chief Architect of “Orchestron”, a leading Application Vulnerability Correlation and Orchestration Framework. He has created some pioneering...

Friday September 13, 2019 10:30am - 11:15am EDT
Lincoln 2