(Photo by Flickr user Yuri Samoilov, used under a Creative Commons license)
Baltimore startup Protego is looking to provide security for serverless computing. It’s a new field, and so there’s some education involved.
As CEO Tsion Gonen has told Technical.ly, the company sees lots of promise in the technology, which proponents say allows developers to focus on building code without worrying about certain overhead considerations. The form of cloud computing doesn’t eliminate servers altogether, but takes the requirement to maintain servers out of the equation and allows applications to be scaled automatically.
But as with many technologies, there are potential security vulnerabilities. Plenty of users understand this, but the vulnerabilities in the fledgling area aren’t all fully understood.
“We’ve been asked by many of our customers and by security professionals if there’s a way to test their security and security understanding,” said Protego Labs Head of Security Research Tal Melamed. “Many companies did the transformation to serverless, and the security conversation was there. But, there was no actual way to apply the knowledge and skill and really test it.”
To allow for that learning, Protego created an open source tool. DVSA, or Damn Vulnerable Serverless Application, provides an interface that shows the most common serverless vulnerabilities. The company also donated the tool to OWASP, the Open Web Application Security Project.
The idea is to allow organizations and devs train in securing serverless environments, and provide security professionals a place to test their skills and tools. The testing application includes cloud resources, as well as a back-end with a variety of functions and front-end with authentication and email interaction with users. Within the environment, it allows practitioners to attempt attacks.
“They can first hack, and then the important part is to fix the code, make the app more secure, and check that the exploit doesn’t work anymore,” said Melamed. “I’ve been training both ethical hackers and developers for years and this is the best, and maybe the only, way to really learn about security implications.”
Along with helping developers understand the processes behind serverless security, Melamed also sees it as a tool for students and teachers.
“I hope that by making it open source it could grow and maybe even help discover new security vulnerabilities that we haven’t thought of before,” Melamed said.
It’s not the first open source project from the startup. Last year, Protego Labs also provided a tool called the OWASP Serverless Top 10, which provided a look at the most common server vulnerabilities.-30-
Hanover’s Dragos looks to grow with a Houston office and an Atlanta acquisition
At RSA Conference, Maryland looks to make cybersecurity connections beyond the state
Howard County’s RackTop Systems raises $15M to expand its data storage and security product
At 14 West, only go-getters need apply
Drilling down on the numbers behind Baltimore’s tech and cyber jobs growth
Fugue evolves its cloud security offering with SaaS product
Georgia economic leaders paid a visit to Maryland cyber centers
Learn to lead digital transformation at Phorum 2019
Sign-up for daily news updates from Technical.ly Baltimore