Protego has a new open source tool to provide serverless security training - Technical.ly Baltimore

Dev

Jan. 8, 2019 1:12 pm

Protego has a new open source tool to provide serverless security training

With Damn Vulnerable Serverless Application, the company is providing a place to learn about potential vulnerabilities. Head of Security Research Tal Melamed said providing hands-on learning is key to education.

Protego wants to bring security to serverless environments.

(Photo by Flickr user Yuri Samoilov, used under a Creative Commons license)

Baltimore startup Protego is looking to provide security for serverless computing. It’s a new field, and so there’s some education involved.

As CEO Tsion Gonen has told Technical.ly, the company sees lots of promise in the technology, which proponents say allows developers to focus on building code without worrying about certain overhead considerations. The form of cloud computing doesn’t eliminate servers altogether, but takes the requirement to maintain servers out of the equation and allows applications to be scaled automatically.

But as with many technologies, there are potential security vulnerabilities. Plenty of users understand this, but the vulnerabilities in the fledgling area aren’t all fully understood.

“We’ve been asked by many of our customers and by security professionals if there’s a way to test their security and security understanding,” said Protego Labs Head of Security Research Tal Melamed. “Many companies did the transformation to serverless, and the security conversation was there. But, there was no actual way to apply the knowledge and skill and really test it.”

To allow for that learning, Protego created an open source tool. DVSA, or Damn Vulnerable Serverless Application, provides an interface that shows the most common serverless vulnerabilities. The company also donated the tool to OWASP, the Open Web Application Security Project.

The idea is to allow organizations and devs train in securing serverless environments, and provide security professionals a place to test their skills and tools. The testing application includes cloud resources, as well as a back-end with a variety of functions and front-end with authentication and email interaction with users. Within the environment, it allows practitioners to attempt attacks.

“They can first hack, and then the important part is to fix the code, make the app more secure, and check that the exploit doesn’t work anymore,” said Melamed. “I’ve been training both ethical hackers and developers for years and this is the best, and maybe the only, way to really learn about security implications.”

Advertisement

Along with helping developers understand the processes behind serverless security, Melamed also sees it as a tool for students and teachers.

“I hope that by making it open source it could grow and maybe even help discover new security vulnerabilities that we haven’t thought of before,” Melamed said.

It’s not the first open source project from the startup. Last year, Protego Labs also provided a tool called the OWASP Serverless Top 10, which provided a look at the most common server vulnerabilities.

-30-
JOIN THE COMMUNITY, BECOME A MEMBER
Already a member? Sign in here
Connect with companies from the Technical.ly community
New call-to-action

Advertisement

Power Moves: Leadership changes at CAMI and Maryland Momentum Fund

UMBC and UMB are joining forces to protect and probe medical data

clean.io releases data behind malicious ads

SPONSORED

Baltimore

What Asymmetrik is doing to help lead healthcare’s digital transformation

Philadelphia, PA

Bresslergroup

Senior Interaction Designer

Apply Now
Baltimore, MD

Agora Financial

Sr. Frontend Developer

Apply Now
Baltimore, MD 21201

14 West

Junior Database Administrator

Apply Now

Bowie-based Trinity Cyber, led by NSA and White House alums, raises $23M

DataTribe is hosting its second cyber startup competition

DreamPort plans expansion of Columbia collaboration space

SPONSORED

Baltimore

Verizon is looking for the brightest ideas on how to use its 5G technology

Baltimore, MD

SmartLogic

Account Executive (Baltimore)

Apply Now
Baltimore, MD

14 West

Product Operations Manager

Apply Now
Philadelphia OR Baltimore

Technically Media

Technical.ly Editorial Intern (Fall 2019)

Apply Now

Sign-up for daily news updates from Technical.ly Baltimore

Do NOT follow this link or you will be banned from the site!