Protego has a new open source tool to provide serverless security training - Technical.ly Baltimore

Dev

Jan. 8, 2019 1:12 pm

Protego has a new open source tool to provide serverless security training

With Damn Vulnerable Serverless Application, the company is providing a place to learn about potential vulnerabilities. Head of Security Research Tal Melamed said providing hands-on learning is key to education.

Protego wants to bring security to serverless environments.

(Photo by Flickr user Yuri Samoilov, used under a Creative Commons license)

Baltimore startup Protego is looking to provide security for serverless computing. It’s a new field, and so there’s some education involved.

As CEO Tsion Gonen has told Technical.ly, the company sees lots of promise in the technology, which proponents say allows developers to focus on building code without worrying about certain overhead considerations. The form of cloud computing doesn’t eliminate servers altogether, but takes the requirement to maintain servers out of the equation and allows applications to be scaled automatically.

But as with many technologies, there are potential security vulnerabilities. Plenty of users understand this, but the vulnerabilities in the fledgling area aren’t all fully understood.

“We’ve been asked by many of our customers and by security professionals if there’s a way to test their security and security understanding,” said Protego Labs Head of Security Research Tal Melamed. “Many companies did the transformation to serverless, and the security conversation was there. But, there was no actual way to apply the knowledge and skill and really test it.”

To allow for that learning, Protego created an open source tool. DVSA, or Damn Vulnerable Serverless Application, provides an interface that shows the most common serverless vulnerabilities. The company also donated the tool to OWASP, the Open Web Application Security Project.

The idea is to allow organizations and devs train in securing serverless environments, and provide security professionals a place to test their skills and tools. The testing application includes cloud resources, as well as a back-end with a variety of functions and front-end with authentication and email interaction with users. Within the environment, it allows practitioners to attempt attacks.

“They can first hack, and then the important part is to fix the code, make the app more secure, and check that the exploit doesn’t work anymore,” said Melamed. “I’ve been training both ethical hackers and developers for years and this is the best, and maybe the only, way to really learn about security implications.”

Advertisement

Along with helping developers understand the processes behind serverless security, Melamed also sees it as a tool for students and teachers.

“I hope that by making it open source it could grow and maybe even help discover new security vulnerabilities that we haven’t thought of before,” Melamed said.

It’s not the first open source project from the startup. Last year, Protego Labs also provided a tool called the OWASP Serverless Top 10, which provided a look at the most common server vulnerabilities.

-30-
JOIN THE COMMUNITY, BECOME A MEMBER
Already a member? Sign in here

Advertisement

Gov. Hogan creates CISO position for State of Maryland

Congressman: ‘No evidence’ that NSA cyberweapon was used in Baltimore

Protecting passwords: Relatively simple solutions for a big cybersecurity risk

SPONSORED

Baltimore

Building a data acquisition system? Don’t make this mistake

Baltimore

b.well

Healthcare Data Engineer

Apply Now
Baltimore

14 West

Senior Software Engineer (Java + Apache Spark)

Apply Now
Baltimore, MD

SmartLogic

Account Executive (Baltimore)

Apply Now

NYT: Tool used in cyber attack on City of Baltimore was developed at Maryland-based NSA

Mayor: City of Baltimore will have to rebuild some IT systems to recover from cyber attack

City of Baltimore ransomware attack affects home sales, payments and more

SPONSORED

Baltimore

How SmartLogic accelerated these startups’ product growth trajectories

Baltimore, MD 21201

14 West

Junior Database Administrator

Apply Now

Sign-up for daily news updates from Technical.ly Baltimore

Do NOT follow this link or you will be banned from the site!